Broadband communications

ABSTRACT

The invention relates to communications, particularly but not exclusively broadband communications. One facet of the present invention relates to provisioning of services in a communications network and finds particular, but not exclusive, application in a broadband network environment or other environment where services are provisioned. The provisioning of services will now be discussed in more detail.

[0001] According to one embodiment, the broadband network may be, but is not limited to, an MPLS (Multi-Protocol Label Switching) or an IPSec (IP Security) network and the service may be provisioned via a Virtual Private Network (VPN) connection.

[0002] Provisioning is a fundamental step in establishing a connection with a user. The user is normally provided with a user device, a non-limiting but illustrative example of which includes a Personal Computer (PC) and an access device. For example, in a broadband network, a cable modem or Digital Subscriber Line (DSL) modem is normally provided as an access device to connect the user device to the broadband network. With a conventional dial up network, any user with a suitable modem is able to dial into a service (although some services may request a password following connection whereas others may allow open or guest access). Similarly, with Internet services, any user with access to the Internet can access a desired web address, although some sites may require passwords. In both cases, however, it is not necessary for the service to have details of the user equipment in advance of connection. In contrast, broadband services must be specifically provisioned for a given user. In order to provision services for a broadband connection, it is necessary for the provisioning application to have a unique “physical” identifier of the user with whom the service is being provisioned. In the case of a cable modem connection in particular, this may be referred to variously as physical address or identifier, hardware address or Media Access Control (MAC) address. This may be achieved by, for example, a user manually reading an identifier of a hardware product (for example cable modem) printed on the packaging and communicating this, for example by telephone, to the service provider. This manual provisioning method obviously has drawbacks; it is labour intensive and renders rapid provisioning of new services cumbersome.

[0003] In the case of a DSL connection, the DSL modem does not have a MAC address nor a permanent IP address but the PVC ID used for the connection between a DSL modem and a Broadband Access Router (BRAS) is used to identify the user; provisioning is carried out by managing the software PVC between the BRAS and DSL modem. Class of service and Quality of service are managed through the settings of the PVC. When connecting the PC to the modem and booting the system, the actual PVC ID is transmitted across the network and can be used for user association. Thus, in the case of a DSL connection, although the relevant “physical address” which identifies the DSL modem is in fact that of an ATM virtual connection, pursuant to the invention it has been appreciated that this can be regarded as a physical or hardware address for the purpose of provisioning and treated in a similar manner to a cable modem MAC address. As used in this specification, the term “hardware address” or “physical address” is intended to encompass a PVC ID in the case of a DSL connection. The terms may encompass another address or identifier which uniquely characterises a connection to a specific access device in other contexts. The terms are intended to distinguish from higher level identifiers, such as an IP address or email address, which is not directly associated with a particular access device.

[0004] It is also possible to provide web-based applications for provisioning for a cable modem whereby a user enters a MAC address (as defined below) or physical device identifier into an interactive website; this reduces labour at the provisioning end but still requires a user to provide a (normally lengthy) physical identifier correctly. In prior art systems, the access device generally connects substantially transparently and the physical address (MAC address) of the user device (PC) is normally used to define the connection.

[0005] It has been proposed to provide specific application software to read the hardware address details and communicate these to a provisioning service provider and the provision of high-level application software at the user end may facilitate automatic provisioning of services. It does, however, of course require specialist software at the user end, which must be provided, adding to costs and complexity, and which may not always be present so may need to be installed by a user.

[0006] Aspects of the invention are set out in the independent claims to which reference should be made. Preferred features are set out in the dependent claims. Representative and further aspects are discussed below.

[0007] There is herein provided a method of providing an assured service to a user via a virtual private connection in a distributed network, the method comprising providing an agent in the network and configuring the agent to monitor the virtual private connection by simulating communication over the connection.

[0008] Preferably, the agent is arranged to reside on a node of the network other than the user's end node.

[0009] Further preferably, the agent is arranged to receive configuration information identifying a connection to monitor.

[0010] According to a further preferable feature, a single agent is arranged to receive configuration information identifying a plurality of independent connections to monitor.

[0011] Preferably, the method further comprises configuring the agent to pass a fault report to a remote network monitoring component in the event that a fault is detected in the provisioned virtual private connection.

[0012] There is also herein described a method of providing an assured service to a user via a virtual private connection in a distributed network, the method comprising provisioning a virtual private connection based on provisioning information and, based on the provisioning information, configuring an agent in the network to monitor the provisioned virtual private connection by simulating communication over the connection.

[0013] Preferably, configuration information is sent to a pre-existing agent.

[0014] According to an alternative preferable feature, an agent is launched if no pre-existing agent is available to monitor the provisioned connection.

[0015] Preferably, the agent is further configured to pass a fault report to a remote network monitoring component in the event that a fault is detected in the provisioned virtual private connection.

[0016] According to a further aspect, there is provided a method of provisioning a desired communications service for a user across a network, the method comprising obtaining information for a desired communications service to be provisioned based on information associated with an existing connection for the user and provisioning the desired communications service based on the information obtained.

[0017] This may facilitate provisioning by making use of an existing connection as a source of information on which to base provisioning of a new connection.

[0018] According to a preferred embodiment, there is provided a method of provisioning a service in a broadband network to a user device having an internetwork protocol address, the method comprising:

[0019] obtaining an internetwork protocol address of a user device for whom a service is to be provisioned;

[0020] sending a configuration protocol query message to a configuration related address server, the message containing the internetwork protocol address of the user device;

[0021] waiting for a response message from the server;

[0022] extracting a hardware address related to the user device from the response message;

[0023] provisioning a network connection with the user device based on the hardware address obtained from the response message.

[0024] There is herein described an improved and simplified method of facilitating provisioning in communications networks, particularly broadband networks. Preferably a user may be able to purchase an access device, such as a cable or DSL modem, “off the shelf” and services may be provisioned for the access device without the service provider having pre-provisioned the access device or supplied specialist software.

[0025] According to one embodiment, the broadband network may be an MPLS or an IPSec network. The user device may be provisioned via a Virtual Private Network (VPN) connection and, in particular, via an IP VPN connection.

[0026] There is described herein a method of provisioning a communications service for a user, the method comprising obtaining a hardware address for an access device, for example a cable modem MAC address or PVC ID in the case of a DSL connection, based on a communications protocol address, such as an Internet Protocol address, of a user device, for example a PC, and provisioning a service based on the hardware address obtained. The hardware address can be obtained using a low level protocol, for instance DHCP lease query.

[0027] Also described is the use of a communications protocol address, such as an Internet Protocol (IP) address, of a user device to obtain a physical address of an access device for use in provisioning a service for the user via the access device.

[0028] Further, there is also described herein a method of provisioning a service for a network access device comprising receiving a request from a user for a service which request does not include the physical address of the access device and provisioning a service based on obtaining the physical address of the access device using a communications protocol address, such as an Internet Protocol (IP) address, for the user.

[0029] A provisioning application is also described, which comprises means for receiving a communications protocol address, such as an Internet Protocol (IP) address, of a user device; means for discovering the physical address of an access device associated with the user device based on the communications protocol address and means for provisioning a service for the access device based on the discovered physical address.

[0030] The methods and apparatus described above preferably operate without requesting the user to supply a physical address for the access device and without requiring the user to install software specific to the service provider.

[0031] It has been appreciated that it is possible to obtain or verify the physical device address of a user device such as a PC by a “brute force” trawl through IP servers in an IP environment. However, such a method is not particularly efficient in terms of resources and a more elegant method has been developed; this can drastically reduce time taken to obtain a physical address corresponding to an IP address.

[0032] There is further herein-described a method of provisioning a service in a communications network for a user having a communications protocol address, such as an IP address, the method comprising:

[0033] obtaining a communications protocol address of a user for whom a service is to be provisioned;

[0034] sending a DHCP lease query message to a DHCP server, the message containing the communications protocol address of the user;

[0035] waiting for a DHCP response packet from the server;

[0036] extracting a hardware address, such as the MAC address or the PVC ID, of the user from the DHCP response packet;

[0037] provisioning a network connection with the user based on the hardware address obtained from the DHCP response packet.
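
The lease-query exchange of steps [0033] to [0037], as an added example that is not part of the original specification: it builds a query by IP address and extracts the hardware address from a reply, rejecting replies whose transaction id, message type or address do not match, since the provisioning decision rests on that reply. The message-type codes are those of RFC 4388, in which the lease query draft was later published; the function names, addresses and the reply bytes are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Fixed BOOTP/DHCP header (RFC 2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file = 236 bytes.
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
OPT_PAD, OPT_MESSAGE_TYPE, OPT_END = 0, 53, 255
# Message types defined for lease query in RFC 4388.
DHCPLEASEQUERY = 10
DHCPLEASEUNASSIGNED = 11
DHCPLEASEUNKNOWN = 12
DHCPLEASEACTIVE = 13
ZERO_IP = b"\x00" * 4


def _ip(addr):
    return ipaddress.IPv4Address(addr).packed


def build_lease_query(user_ip, requester_ip, xid):
    """Query by IP address: ciaddr carries the user's IP, chaddr stays zero."""
    header = HEADER.pack(BOOTREQUEST, 0, 0, 0, xid, 0, 0,
                         _ip(user_ip), ZERO_IP, ZERO_IP, _ip(requester_ip),
                         b"", b"", b"")
    options = bytes([OPT_MESSAGE_TYPE, 1, DHCPLEASEQUERY, OPT_END])
    return header + MAGIC_COOKIE + options


def parse_options(raw):
    """Parse the type-length-value option area, refusing truncated options."""
    options, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = value
        i += 2 + length
    return options


def extract_hardware_address(reply, user_ip, xid):
    """Return the hardware address as hex text, or None if no lease is active."""
    body = HEADER.size + len(MAGIC_COOKIE)
    if len(reply) < body:
        raise ValueError("reply shorter than a DHCP header")
    (op, _htype, hlen, _hops, reply_xid, _secs, _flags, ciaddr, _yiaddr,
     _siaddr, _giaddr, chaddr, _sname, _file) = HEADER.unpack_from(reply)
    if op != BOOTREPLY or reply_xid != xid:
        raise ValueError("reply does not answer this query")
    if reply[HEADER.size:body] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    msg_type = parse_options(reply[body:]).get(OPT_MESSAGE_TYPE)
    if msg_type is None or len(msg_type) != 1:
        raise ValueError("missing DHCP message type")
    if msg_type[0] in (DHCPLEASEUNASSIGNED, DHCPLEASEUNKNOWN):
        return None  # the server holds no active lease for this address
    if msg_type[0] != DHCPLEASEACTIVE:
        raise ValueError("unexpected DHCP message type")
    if ciaddr != _ip(user_ip):
        raise ValueError("reply describes a different IP address")
    if not 1 <= hlen <= 16:
        raise ValueError("implausible hardware address length")
    return ":".join(f"{b:02x}" for b in chaddr[:hlen])


def constructed_reply(user_ip, xid, hardware, msg_type=DHCPLEASEACTIVE):
    """Constructed sample reply standing in for a real DHCP server's answer."""
    header = HEADER.pack(BOOTREPLY, 1, len(hardware), 0, xid, 0, 0,
                         _ip(user_ip), ZERO_IP, ZERO_IP, ZERO_IP,
                         hardware, b"", b"")
    options = bytes([OPT_MESSAGE_TYPE, 1, msg_type, OPT_END])
    return header + MAGIC_COOKIE + options


if __name__ == "__main__":
    xid = 0x1234ABCD                      # constructed transaction id
    query = build_lease_query("10.20.30.40", "192.0.2.1", xid)
    reply = constructed_reply("10.20.30.40", xid, bytes.fromhex("001122334455"))
    print(len(query), extract_hardware_address(reply, "10.20.30.40", xid))
```
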

[0038] By way of additional background, it is noted that the method described above makes use of the well established Dynamic Host Configuration Protocol (DHCP), details of which can be found in RFC 2131 of the Internet Community dated March 1997 and available, inter alia, at http://www.dhcp.org/rfc2131.html, the contents of which are incorporated herein by reference. The method also makes use of the draft DHCP Lease Query message protocol, details of which may be found on the ietf.org website and are summarised below. As those skilled in the art will appreciate, DHCP is an established low-level protocol for managing IP connections. DHCP presupposes that services have been previously provisioned for the user with whom a connection exists and does not directly concern itself with provisioning.

[0039] Those skilled in the art will appreciate that provisioning of services is normally a distinct process from low level communication between access concentrators and DHCP is not normally considered directly relevant to provisioning applications. In particular, the DHCP lease query has been designed for access concentrators within a network to rebuild address information gleaned from their access relay function after rebooting or replacement. However, it has been appreciated that features of DHCP can in fact also be used to simplify provisioning. A user for whom a service is to be provisioned will often have a pre-existing IP address. Using DHCP Lease Query, the hardware parameters associated with that address can be identified from the DHCP server without the need for specialist application software at the user end nor for manual provision of the hardware identifier and this information can be used to provision a new service. Thus, surprisingly, DHCP lease query can be used in a provisioning context to facilitate automatic provisioning.

[0040] It is particularly advantageous that an address allocated in an internetworking environment, such as the Internet environment, can be used to obtain a hardware address. Within a network, the arrangement is usually that the network has at least one server, such as a DHCP server, which controls allocation of a block of internetworking protocol addresses (e.g. IP scope), which can be used across the internetworking environment, to individual hardware devices connected within the network. The mapping between internetworking protocol addresses and hardware addresses is then only known within the network doing the allocation and the DHCP lease query is only a low level communication designed for use by access concentrators in a network to rebuild data for use in carrying traffic. Increasingly, however, there is a demand for open access services in which networks carry services provided by off-net service providers but that means provisioning has to be done for new access devices, or new services to be provided to existing access devices, by off-net service providers. Here a further problem arises since an off-net service provider doesn't have access at all to the DHCP server.

[0041] This further problem may be solved using a facility of internetworking protocols known as tunnelling. In tunnelling, a datagram is encapsulated in a protocol from a higher or the same level and passed across the transport system to an endpoint where it is decapsulated. There are various forms of tunnelling, including Virtual Local Area Network (VLAN) encapsulation and source network address routing but a form that is likely to be particularly appropriate is Point-to-Point Protocol (PPP), for example PPP over Ethernet (PPPoE). This is described in an Internet Engineering Task Force (IETF) Draft, a list of current Drafts being available at http://www.ietf.org/ietf/lid-abstracts.txt. Increasingly, networks such as broadband networks will support tunnelling and this is exploited in the apparatus and methods herein described.

[0042] The user access device IP address may be obtained by means of an existing internetworking connection such as a TCP/IP connection. For example, most conveniently a user may be required or requested to visit a website in order to obtain a new service and the user's access device IP address may be captured from this website for use in formulating a DHCP lease query for a provisioning application. Other TCP/IP transactions may be used to obtain an IP address for the user access device.

[0043] There is also herein described use of a DHCP lease query message to obtain a physical hardware identifier of a user device for use in a provisioning application to provision a broadband service for the user.

[0044] Further, there is also described a provisioning application having means, preferably a provisioning module, for provisioning a broadband service based on an access device physical address characterised by means, preferably a query module, for obtaining the user hardware identifier based on a DHCP lease query message submitted to a DHCP server and containing an IP address related to the access device. The access device may be a cable modem or DSL modem and the physical address may be a MAC address or PVC ID.

[0045] There is also herein described a computer program or computer program product, preferably stored on a computer readable medium, for performing any method described herein, preferably containing instructions for:

[0046] generating a DHCP query message containing an identifier related to an access device;

[0047] obtaining from a response to said message a hardware identifier of the access device;

[0048] provisioning a service for the access device based on the hardware identifier obtained.

[0049] Whilst the use of DHCP lease query may provide a particularly preferred, efficient and elegant implementation, other mechanisms may alternatively be used which allow an access device physical address to be returned using an internetworking address (or other pre-existing identifier related to the user of the access device) and preferably without requiring specialised software on the user machine.

[0050] Prior art provisioning methods generally provision services based on physical addresses (MAC addresses) of user devices such as PCs. Further, there is also herein described a method of provisioning a service for a user having a user device connected to a broadband network via a broadband access device, the user device and the broadband access device each having a respective physical address, the method comprising provisioning a service based on the physical address of the access device.

[0051] This allows the user to replace a user device, for example to connect multiple PCs without having to re-provision each device, which can be a cumbersome process, particularly with prior art provisioning methods. It also reduces the risk of fraudulent access as the service is made to the nearest point to the broadband network, namely the access device. Thus, if the access device is swapped, the service will need to be re-provisioned.

[0052] A significant advantage of the methods and apparatus described above is that they may facilitate more rapid expansion of services as users may purchase suitable access devices from retail outlets without requiring pre-provisioning or specialist skills to install the devices.

[0053] It has been further appreciated that because the novel provisioning application described can autonomously propagate services, it is desirable to integrate this with or tie the provisioning application to a capacity management application.

[0054] Thus preferably the provisioning method or provisioning application includes the step of or means for communicating with a capacity management application and such a method or application may be independently provided.

[0055] The method may include checking for available capacity prior to provisioning a service and/or reporting provisioning of a service to a capacity management application after provisioning.

[0056] Conventionally, provisioning and capacity planning are distinct and this reflects conventional provisioning processes; problems have hitherto not been appreciated. However, this method may enable provisioning to be controlled at a higher level before problems arise; thus this solves a surprising and hitherto unappreciated problem which studies reveal might arise were efficiency of existing provisioning processes improved. The benefits of this method may be realised even with conventional provisioning processes.

[0057] The system described herein further extends to a capacity management application having means for communicating with a provisioning application. The capacity management application will normally have means for storing data relating to network capacity and user interface for communicating the stored data with a user. The capacity management application will normally provide a graphical interface and may include conventional statistical and graphing tools for displaying information concerning present, historical or predicted network capacity. The details of the capacity planning application are not critical and may be based on existing network planning applications. According to the inventive development, the application has means for communicating (preferably dynamically/in real time) with a provisioning application. Thus a provisioning application can report provisioning of new services and thus advise that capacity will be reduced before this would normally be featured in capacity planning considerations (for example before an actual increase in traffic can be detected). Particularly in the case of rapid roll out of services, this may lead to a significant increase in reliability of predictions. Alternatively or in addition, the capacity management application may feed information back to the provisioning application and may inhibit provisioning if capacity is unavailable, or may limit the capacity that can be provisioned. Again this may be advantageous particularly in the case of rapid roll out as it may reduce the risk of a service being provisioned and leading to network overload or the service being unsatisfactory to a user.

[0058] Preferably a network management tool comprises means for displaying at least one of performance, number of modems on a given node, quality of service, duration of connection, uptime, identifiers of faulty modems. Preferably a network management tool has means for communicating with an agent associated with a network component for receiving information from the agent. Preferably the network management tool comprises means for displaying information based on network usage at the level of network segments, preferably wherein a network segment corresponds to a card of a universal broadcast router or cable modem termination system. Preferably an agent is provided to report usage at the segment level. Preferably the management tool has means for displaying an indication of subscriber types as well as traffic information. A network management tool having any of the preferred features disclosed herein may be independently provided.

[0059] Information gathered by agents associated with at least some of the individual network components may allow the remote network component, which may be, for example, a network monitoring component, to be provided with realtime data from that point in the network. The information provided to the remote network component may allow the remote network component, for example, to monitor services provided to users and to identify quickly the source of a fault in the network. The remote network component may use the information to monitor the status of the network as a whole, or the status of a portion of the network.

[0060] Information other than the equipment status information may also be passed to the remote network component. For example, identification information for the network component may be transmitted, or service data, such as the rates at which data is being transmitted through the component, may also be transmitted to the remote network component.

[0061] Preferably, the agent further comprises means for receiving a configuration instruction. The presence of the agent on the network component may allow the network component to be configured remotely. If the network component stores service parameters for a user, then the agent may allow the remote modification of these service parameters, for example by the end user, or by a control centre.

[0062] Preferably at least a portion of the operation of the agent is configurable by means of a script. Hence the agent may be configured to send different types of data to the remote network component or to send data at predefined intervals.

[0063] As discussed above, the remote network component may be a network management tool which may be used to monitor and control the network and individual components within the network. In addition, or alternatively, the remote network component may be a planning tool or a provisioning tool, and the network component may pass information regarding new user devices that connect to it to these remote components. Planning tools or provisioning tools may also receive information from the network component regarding traffic flow through the network component to allow the tools to plan for future provisioning requests.

[0064] According to a highly preferable feature, at least a portion of the operation of the agent is configurable to simulate activity of other network components at the network component incorporating the agent. Hence the agent may test the operation of the network component by simulating the activity of other network components. For example, the agent may simulate the process whereby another network component connects to or sends data to the network component. This may allow the agent to detect faults in the network component or in the network. The agent may signal an alarm to the remote network component in the event of detection of a fault condition in the network or in the network component on which the agent is running.

[0065] Preferably, the agent further comprises means for sending a report on the simulated activity of the other network components to the remote network component. This may allow the remote network component to detect and to debug faults in the network component incorporating the agent or in the network itself.

[0066] According to a preferable embodiment, the network component is a Point-of-Presence in a broadband network.

[0067] According to a further aspect, there is also herein provided a method of monitoring and controlling network components in a broadband network, comprising:

[0068] providing an agent at each of a plurality of network components in the broadband network;

[0069] receiving data from each agent regarding the operation and status of the network component;

[0070] processing the data to determine the status and operation of the broadband network and of service provision in the broadband network.

[0071] Hence data corresponding to the network components may be sent from the agents to a central network monitoring component to allow monitoring and control of the network.

[0072] Preferably, the agent provided at each of the plurality of network components comprises an agent according to the agent aspect outlined above.

[0073] Preferably the step of processing the data comprises passing the data to a network monitoring tool and allowing access to the data at a user interface. Hence a network operator may monitor the network using the user interface and the data that has been passed to the network monitoring tool.

[0074] A further preferable feature of the provisioning aspect may be that:

[0075] At least one of the components in the broadband network incorporates an agent for passing information concerning the network component to a remote network component such that the method of provisioning a service may further comprise sending a provisioning information message to the or each agent. If the provisioning tool communicates details of any newly provisioned service to the or each agent, then the agent may begin to monitor the newly provisioned service immediately and, as a further advantage, agents associated with the newly provisioned service may be set up to monitor the service and the network components associated with it.

[0076] Preferably, the method of provisioning a service further comprises storing individual user parameters for the service, configuring the service provision based on a set of core configuration parameters and customising the service provision based on the stored individual parameters for the user. Hence the basic service may be provisioned according to a standard procedure and set of parameters and further steps may then be taken to customize the service for each individual user.

[0077] Preferably, the method further comprises identifying new connections to the broadband network and automatically initiating a provisioning procedure for provisioning a service to the user device corresponding to the newly connected user. This may allow end-to-end provisioning of the user device. A user may connect a user device to the network and the new device may be provisioned automatically on connection. The provisioning of the user device should be dependent on the type of the user device, for example a cable modem or a set top box would be provisioned differently.

[0078] According to one preferable embodiment, the identifying step comprises receiving a message when the user device connects to the network.

[0079] According to a further preferable embodiment, the identifying step comprises monitoring the network to detect new connections to the network.

[0080] According to a further aspect there is provided a method of provisioning a service for a user device in a broadband network, the method comprising:

[0081] provisioning the service over the broadband network based on obtaining a physical address of the broadband access device;

[0082] storing individual service parameters for the user device from a database of service parameter information;

[0083] determining the individual service parameters for the user device and providing the service to the user device based on the determined service parameters.

[0084] This aspect may allow a service to be provisioned for a user device according to parameters defined by the user. The user may provide the desired parameter values either before or during provisioning and some parameters may be determined automatically from querying the user device itself.

[0085] Preferably, the method further comprises providing a user interface to allow a network operator or a user to access and to amend the stored service parameters for the provisioned service. This may allow the user parameters to be amended after provisioning.

[0086] According to one preferable feature, at least some of the individual service parameters may be applied to a predefined plurality of user devices. This may allow a user to set the service parameters for, for example, a whole network of user devices.

[0087] According to a further aspect, there is provided a method of provisioning a connection between a remote user device and a virtual private network of user devices comprising provisioning the connection such that: the virtual private network appears to be connected directly to the remote user device; and the remote user device appears to be connected directly to the remote user device.

[0088] Preferably, the method further comprises provisioning a service to the remote user device via the virtual private network (VPN).

[0089] According to one preferable aspect, the network is a broadband network and the provisioned service is a broadband service.

[0090] Preferably, the provisioning a service step comprises receiving a request from a user of the remote user device, which request does not include the physical address of the remote user device and provisioning a service based on obtaining the physical address of the remote user device.

[0091] Further preferably, the physical address of the remote user device is obtained by using the local address of the remote user device within the VPN.

[0092] According to an alternative preferable embodiment, the physical address of the remote user device is obtained by using an IP address of the remote user device.

[0093] The invention further provides provisioning tools, planning tools, user interfaces, methods, inventory tools, agents for devices, data packets, computer programs, computer program products, apparatus, systems, and computer implemented methods. Features and preferred features of each category may be applied to other categories unless otherwise stated. References to tools are intended to encompass without limitation applications or applets, software modules, combinations of hardware and software and to include both stand-alone modules, modules or code integrated into larger applications and modules which may stand alone and/or be provided as part of a suite of components. In most cases, these tools may be embodied as computer programs and computer program products and may be supplied as data packets or signals, but may include either general purpose or dedicated hardware.

[0094] A further aspect provides a provisioning tool for a broadbandnetwork comprising means for discovering information concerning aservice to be provisioned based on information associated with anexisting connection.

[0095] A further aspect provides a provisioning tool for provisioning a broadband service over at least one specified hardware connection, the provisioning tool comprising a module for performing an activation action and an activation script processor for processing an activation script defining a workflow sequence including at least one activation action.

[0096] Conventionally the workflow sequence would be implicit in the operation of any activation module for a particular hardware connection. However, pursuant to the invention, it has been appreciated that similar steps may be performed for different hardware connections and changes may be made dependent on the network configuration. By providing a module for performing an activation action and an activation script, definition of the necessary steps for a variety of hardware connections (cable, DSL modems of varying types, MPLS and VPN connections) may be accommodated more easily without requiring complex dedicated programming for each type of hardware; basic actions may be defined and then these may be put together using a script.

[0097] Preferably the script is user viewable and/or editable. In a highly preferred embodiment, the activation script is executed in a structured document, particularly a markup language such as SGML or most preferably XML (extensible markup language); XML provides a readily editable and readily processed compact language having sufficient flexibility to implement an activation script. The provisioning tool may provide means for storing a plurality of activation scripts for mutually distinct hardware connections and means for selecting and executing an appropriate script for a hardware connection in response to an activation request.

[0098] Preferably the provisioning tool has means for receiving an identifier of a client device and means for selecting an activation script based on the identifier. The identifier may include an identifier of equipment type for at least some components in the network, preferably for all components. The equipment type information preferably includes manufacturer and model information; this enables different procedures for different versions of the same type of device (e.g. switch, cable modem) to be accommodated. This is particularly beneficial when scripts govern workflow as the workflow for a variety of similar devices from different manufacturers may be similar or identical but the precise activation actions may differ. Multiple devices may be catered for efficiently by essentially duplicating activation scripts but providing device specific activation modules as needed.

[0099] The identifier may be user input or may be based on information gained from a discovery process. Preferably each activation action comprises a low-level action, i.e. without complex flow control, and action flow control is defined by the script. Preferably each action corresponds to a defined step or unit of time. Preferably actions correspond to verbs of the activation scripts.

[0100] Preferably the provisioning tool has means for recording transactions (with a device to be provisioned such as a modem) during activation of a service. Preferably transactions are recorded so that individual transactions can be replayed, viewed or analysed. Pursuant to the invention, it has been appreciated that this can provide a surprisingly useful insight into any network problems as compared to the conventional approach of logging internal success or error reports and may enable configuration scripts to be optimised. This feature is particularly useful when provided in conjunction with the scripting of actions but may be provided independently.
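One way the script-driven activation of paragraphs [0095] to [0100] could look, as an added example that is not taken from the patent: the XML element and attribute names, the verb names, the AcmeCable models and the simulated device replies are all assumptions. Because the script is user-editable, this processor validates every step against the registered verbs before any action runs, and it records each transaction for later review.

```python
import xml.etree.ElementTree as ET


class ScriptError(ValueError):
    """Raised when a script is missing, malformed or uses an unknown verb."""


# Low-level activation actions (the verbs of the script). Each takes the
# hardware address and the step's attributes and returns the device reply.
# Replies are simulated here; a real module would talk to the device.
def set_config_file(mac, params):
    return f"{mac}: config file set to {params['file']}"


def reset(mac, params):
    return f"{mac}: reset acknowledged"


def verify_online(mac, params):
    return f"{mac}: online within {params.get('timeout', '60')}s"


# Only verbs registered here can ever be executed by a script.
ACTIONS = {
    "set_config_file": set_config_file,
    "reset": reset,
    "verify_online": verify_online,
}

# Constructed scripts keyed by (manufacturer, model); the schema is hypothetical.
SCRIPTS = {
    ("AcmeCable", "CM-100"): (
        '<activation>'
        '<step verb="set_config_file" file="gold.cfg"/>'
        '<step verb="reset"/>'
        '<step verb="verify_online" timeout="30"/>'
        '</activation>'
    ),
    # An edited script that names a verb no action module implements.
    ("AcmeCable", "CM-200"): (
        '<activation>'
        '<step verb="reset"/>'
        '<step verb="run_shell" cmd="reboot"/>'
        '</activation>'
    ),
}


def select_script(manufacturer, model):
    """Pick the activation script for this equipment type."""
    try:
        return SCRIPTS[(manufacturer, model)]
    except KeyError:
        raise ScriptError(f"no activation script for {manufacturer} {model}") from None


def parse_script(xml_text):
    """Validate the whole script up front and return [(verb, params), ...]."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ScriptError(f"malformed script: {exc}") from None
    if root.tag != "activation":
        raise ScriptError(f"unexpected root element <{root.tag}>")
    steps = []
    for child in root:
        verb = child.get("verb")
        if child.tag != "step" or verb not in ACTIONS:
            raise ScriptError(f"unsupported step: <{child.tag} verb={verb!r}>")
        params = {k: v for k, v in child.attrib.items() if k != "verb"}
        steps.append((verb, params))
    return steps


def activate(manufacturer, model, mac):
    """Run the script for this equipment type; return the transaction record."""
    steps = parse_script(select_script(manufacturer, model))
    transactions = []
    for number, (verb, params) in enumerate(steps, start=1):
        reply = ACTIONS[verb](mac, params)
        # One entry per exchange, so a single step can be viewed or replayed.
        transactions.append(
            {"step": number, "verb": verb, "params": params, "reply": reply}
        )
    return transactions


if __name__ == "__main__":
    for entry in activate("AcmeCable", "CM-100", "00:00:5e:00:53:01"):
        print(entry)
```

The CM-200 script is rejected as a whole, so its valid `reset` step never reaches the device.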

[0101] A further aspect provides a provisioning tool for a broadband network comprising means for executing a sequence of actions to activate a broadband service via a client device, the provisioning tool having means for recording transactions with the client device.

[0102] The provisioning tool may have means for receiving stored data indicative of a network configuration and client data identifying the client device to be provisioned and means for determining a sequence of actions based on the stored data and client data. This may simplify a process, as compared to a conventional process in which a user specifies network components to be configured.

[0103] A further aspect provides a provisioning tool for a broadband network comprising means for receiving stored configuration data indicative of a network configuration and client data identifying the client to be provisioned and means for determining a sequence of actions based on the stored configuration data and client data. The client data may be determined from a user interface.

[0104] The provisioning tool preferably has a graphical user interface for displaying a representation of at least a part of the network. The client data may be determined based on a user input from the graphical user interface. More preferably the provisioning tool has means for receiving an input command based on the graphical user interface and determining at least one provisioning action in response thereto based on the stored configuration data. In a preferred application, the input command may include a drag and drop command. Preferably the provisioning tool is arranged to interpret a user action based on the graphical interface and the configuration data. Advantageously the provisioning tool has means for storing at least one rule or configuration script for use in determining at least one provisioning action. The storage of rules may facilitate generation of complex sequences of action based on simple user inputs.

[0105] In a preferred embodiment, the invention provides a provisioning tool for a broadband network comprising means for storing a representation of network configuration, means for storing rules governing activation actions, a (preferably graphical) user interface for providing a user with a representation of a network configuration, means for receiving a user input to provision a service for a client, means for processing the input based on the stored representation of the network configuration and the stored rules to generate a sequence of at least one activation action. The provisioning tool typically has means for performing at least one activation action.

[0106] A further aspect provides a provisioning tool for a broadband network comprising means for storing network configuration information including information concerning network topology and information concerning configuration actions, a drag and drop graphical user interface for receiving a user command to provision a service and means for generating an activation sequence containing at least one activation action based on the received command and the stored network configuration information.

[0107] The provisioning tool may have means for communicating with an agent associated with a client device to communicate configuration information therewith. By providing an agent on the client device, greater flexibility may be achieved and enhanced functionality may be achieved as compared to communicating directly with the client device. The agent may be independently provided.

[0108] A further aspect provides an agent for a client device in a broadband network, the agent having means for communicating configuration information for the client device to a remote network configuration or management tool, advantageously from a provisioning tool.

[0109] The provisioning tool may have means for communicating with a network inventory tool for receiving network configuration information. The network inventory tool preferably has means for discovering network configuration information based on communicating with network components. The network inventory tool may (additionally, or less preferably alternatively) have means for receiving information describing network configuration via a user interface. It is a preferred feature of the provisioning tool aspects that the network configuration information includes an identifier of equipment type for at least some components in the network, preferably for all components. The equipment type information preferably includes manufacturer and model information. This greatly enhances the flexibility of the method as actions specific for a particular type of component may be correctly generated in an automated fashion. This is particularly advantageous in combination with aspects which provide for selection of activation actions. Preferably the network inventory tool has means for storing information concerning (a) equipment type identifiers for network components type and (b) interconnections between network components. Thus, as well as a user being able to view network topology and see which components may be affected by a proposed action, the configuration actions may be tailored to specific hardware equipment type. The inventory tool may be integrated with the provisioning tool or may be provided independently. The provisioning tool and inventory tool advantageously communicate by sharing a database.

[0110] A further aspect provides a network inventory tool for a broadband network comprising means for storing network configuration information including first information including an equipment type identifier for each of a plurality of network components and second information identifying interconnections between network components.

[0111] The inventory tool may be arranged to discover network configuration information by interrogating network components. The inventory tool is preferably arranged to communicate the network configuration information to at least one other tool, optionally by storing the information in a commonly accessible database. The inventory tool is preferably arranged to communicate with an agent operating on a network component to discover information about the network component. This may simplify operation of the inventory tool and/or increase the amount of information that the tool can discover and/or facilitate operation with a variety of types of hardware. Agents may be configured to operate on specific network components. The agents may be independently provided.

[0112] A further aspect provides an agent for a network component of a broadband network, the agent comprising means for passing equipment status or identification information concerning the network component to a remote network component, preferably a network inventory tool.

[0113] The agent may further comprise means for receiving a configuration instruction, optionally from a provisioning or configuration or management tool. At least a portion of the operation of the agent is preferably configurable by means of a script, preferably an XML script.

[0114] Preferably, the remote network component includes a provisioning tool incorporated into a broadband network.

[0115] Further preferably, the remote network component includes a planning tool incorporated into a broadband network.

[0116] Further preferably, the remote network component includes a network management tool.

[0117] According to a highly preferable embodiment, at least a portion of the operation of the agent is configurable to simulate user activity at the network component. Hence different situations and scenarios of user activity may be simulated on demand from an operator at a remote network component. This may allow the operator of the remote network component to de-bug a fault in the operation of the network component.

[0118] Preferably, the user activity comprises at least one of:

[0119] connecting to a broadband network;

[0120] verifying the identity of the user or the network component over the broadband network;

[0121] accessing a service via the broadband network using configured and/or preset parameters;

[0122] amending at least one preset parameter and accessing a service via the broadband network using the at least one amended parameter.

[0123] Preferably, the agent further comprises means for sending a report on the simulated user activity to the remote network component.

[0124] According to one preferable embodiment, the network component is a Set Top Box.

[0125] According to a further preferable embodiment, the network component is a Cable Modem.

[0126] Preferably, the agent further comprises means for accessing a communication service and means for signalling an alarm to a remote network component in the event of detection of a fault condition. Hence the agent may be used to monitor access of the network component to the communication service and report any problems with access immediately. This may reduce reliance on a user to report a fault, or a central network monitoring centre to detect the fault.

[0127] A further aspect provides a method of operating a network component of a broadband network, the method comprising passing equipment status or identification information concerning the network component to a remote network component.

[0128] The method may have preferable features corresponding to the preferable features of the agent aspect described above.

[0129] The provisioning tool and/or inventory tool may operate in conjunction with a planning tool.

[0130] A further aspect provides a planning tool comprising a user interface for communicating information relating to network capacity or a planned service with a user, the planning tool characterised by means for communicating with a provisioning tool and/or inventory tool network or service configuration information.

[0131] In a preferred implementation, the planning tool may provide means for defining one or more planned services based on at least one of: location; customer profile; quality of service; network availability; availability of other services.

[0132] The provisioning tool is preferably arranged to operate in conjunction with a customer front end for communicating user information. The user information may include authentication information. The user information may include an indication or selection of one or more desired services. The provisioning tool may include means for re-provisioning a service based on information received from a user and/or may include means for communicating available services to a user, preferably by means of a customer front end tool.

[0133] A further aspect provides a customer front end tool for a client device in a broadband network, the customer front end tool having means for receiving user information and communicating the user information to a remote provisioning tool.

[0134] This may facilitate configuration. The customer front end tool may include means for communicating an identifier of the client device to the provisioning tool. The customer front end tool may operate over an internet connection and the internet connection may be used by the provisioning tool in identifying the client device. The customer front end may be arranged to enable a user to enter user authentication information in the event that a client device configuration is changed, for example in the event that one device (e.g. a cable modem) is swapped for another and/or the device is physically connected at a new location. Particularly in combination with the automatic discovery procedure mentioned, this may greatly facilitate use of a service for a user who modifies equipment as, rather than having to undergo a new manual provisioning step each time a change is made to the location of equipment or equipment hardware, the user need simply supply authentication information and the previous service can be re-provisioned to operate with the new configuration.

[0135] A further advantage of the provisioning techniques and tools is that, because provisioning is straightforward and in preferred embodiments can be performed without end user interaction, new or modified services can be delivered. In particular, a service may be dynamically altered by re-provisioning, or new services made available periodically. This may facilitate content delivery and may increase uptake of new services.

[0136] A further aspect provides a provisioning tool for provisioning a service in a broadband communications network having means for provisioning a service characterised by means for storing information relating to a service parameter which varies with time and means for altering a characteristic of the service based on the stored information.

[0137] Preferably the means for altering is arranged to re-provision the service.

[0138] A further aspect provides a method of providing a service in a broadband communication network comprising storing information relating to a service parameter which varies with time and periodically re-configuring the service based on the stored information.

[0139] A further aspect provides use of a provisioning function to effect delivery of a communication service having at least one time-varying service characteristic based on periodic re-provisioning of the service.

[0140] The time varying characteristic may include one or more of bandwidth, quality of service, access to specified services. The time varying characteristic may include variation at least once a week and preferably at least once a day. The characteristic may be varied in response to usage or based on information from a source such as a congestion detector or a billing system, in addition to or instead of in response to stored data of a time characteristic.

[0141] Additionally or alternatively, a service having a time-varying characteristic may be implemented based on reconfiguring a network component, preferably by communicating with an agent provided on the network component, particularly wherein the network component comprises a user access device.

[0142] The invention may provide a method of providing a communication service to a user via a user access device, the method comprising dynamically remotely re-configuring the user access device to modify a characteristic of the service delivered.

[0143] By dynamically is preferably meant online and/or while the service is available substantially uninterrupted and/or in response to a real time input, and most preferably without operator intervention.

[0144] Services may be provided to a plurality of users and the method may include selectively re-configuring an individual user access device to modify selectively a characteristic of service for the individual user.

[0145] Modification may be in response to stored information relating to a time varying characteristic, as aforementioned. Additionally or alternatively, modification may be in response to usage or billing system information; for example a service may be downgraded for a user who is behind with payments or who has previously exceeded a usage quota.

[0146] Another advantageous use of data captured during provisioning may be in service assurance. It can be important in offering a communications service that the ongoing quality of service provided to customers can be monitored. New customers will generally have an expectation of an acceptable quality of service and may indeed have a service level agreement with a service provider. Existing customers will not expect the quality of service to become degraded because other customers have been newly provisioned.

[0147] By sharing data, for instance by sharing a data model and access to the same data storage, a provisioning application, working in conjunction with a service assurance application, can offer a particularly efficient use of data for diagnostics. Service assurance products may for instance receive alarm signals or data arising in use of a network to provide an identified service. Since a provisioning application may gather subscriber-related address data in relation to services provisioned, the service assurance product can be enabled to relate alarm data not just to services but also to relevant service subscribers.

[0148] Further advantages of the methods and apparatus herein described lie in the fact that a service provider has the physical address of a user's access device. For instance, the service provider can also provide a measure of fraud management in that, if fraud is detected in association with an access device, the service provider can suspend or de-activate the device in relation to a service, or can downgrade the level of service to that device.

[0149] Also, prior to service provision, the service provider can identify cases where a user's situation is simply not able to support a service. For instance, where a user wants to subscribe to a Video on Demand (VoD) service over Digital Subscriber Lines (DSL), the service provider can check whether the user's access device is physically close enough to a Digital Subscriber Line Access Multiplexer (DSLAM) to have sufficient bandwidth.

[0150] Further incorporated herein are methods which correspond to the apparatus and vice versa and to computer programs and computer program products for implementing such methods. Preferred and optional features of the methods and apparatus disclosed may be applied to all other methods and apparatus unless otherwise stated or apparent from the context.

[0151] Further aspects and preferred features of the invention are described below:

[0152] A method of testing a broadband network, the network comprising a head end for receiving one or more communications services from service providers and transmitting the one or more services towards end user equipment, and comprising at least one node for receiving said one or more services from the head end and delivering the service(s) towards end user equipment, which method comprises launching a test signal to the network at said at least one node and monitoring a response by the network thereto.

[0153] The test signal may be launched by computing equipment provided at said at least one node. The test signal may be provided by an agent associated with the node. The method may further comprise receiving one or more control signals at said computing equipment (or agent), the control signals having been transmitted over the network to control said launch of a test signal. The test signal may be launched via a first signal path from the computing equipment (or agent) to the network and said one or more control signals may be received via a second signal path from the network to the computing equipment (or agent), said first and second signal paths being different. The first and second signal paths may differ at least in that said first signal path comprises transmission by a cable modem termination system. A selected one or more of a plurality of different test signals may be used. The agent or system may be programmed to launch one or more test signals at one or more predetermined times. One or more control signals may comprise means to trigger launch of one or more test signals by the computing equipment.

[0154] In one embodiment at least one node comprises a provisioning server, for dynamic assignment of addresses to end user equipment, and said test signal in use requires assignment of an address by said provisioning server and a monitored response comprises said assignment of an address.

[0155] One or more of said test signals may simulate a request received from user equipment for service delivery by means of the network.

[0156] The invention may provide a method of testing a broadband network, the network comprising a head end for receiving one or more communications services from service providers and transmitting the one or more services towards end user equipment, and comprising at least one node for receiving said one or more services from the head end and delivering the service(s) via a cable modem termination system towards end user equipment, which method comprises transmitting a control signal to an agent or other computing means at the node, said control signal comprising a trigger to launch a service request to the network via the cable modem termination system at said at least one node, said method further comprising monitoring a response by the network to the launched service request.

[0157] There may be provided a node of a broadband communications network, for receiving one or more communications services from service providers and transmitting the one or more services towards end user equipment, which node comprises an agent or other programmable end user simulation equipment for launching a service request to the network.

[0158] The node may further comprise a first signal path for delivering control signals to the simulation equipment and a second path for transmitting a launched service request from the simulation equipment to the network, said first and second paths being different. The second path may comprise a cable modem termination system.

[0159] There may be provided a network management system comprising a fault detector and fault processor for detecting faults in the network or services provided over the network, and for analysing detected faults with the purpose of generating solutions to the faults, wherein the system further comprises context sensitive help for providing information to the user in relation to one or more faults being analysed.

[0160] The context sensitive help may comprise a knowledge management system having a search engine and the search engine runs a search on data stored for the knowledge management system, said search being based on the one or more faults being analysed.

[0161] There may be provided a communications network management system, for receiving and processing fault reports in respect of a network and/or one or more services supported by the network, the system being provided with a data store for storing data in respect of said network and/or services and processes fault reports in the light of stored data to generate corrective solutions to received fault reports, wherein the system is further provided with at least one simulator for requesting service provision over the network such that the network and one or more services can be proactively tested. Preferably the simulator simulates user activity. The simulator may comprise an agent associated with a network component. Preferably the network is a broadband network and the simulator is provided at a node of the network.

[0162] There may be provided a communications network management system, which system comprises:

[0163] a) an input for receiving fault reports in respect of a network and/or one or more services supported by a network,

[0164] b) a data store for storing data in respect of said network and/or services,

[0165] c) a fault processor for processing fault reports received via the input, using data stored in the data store, to generate corrective solutions, and

[0166] d) a simulator for triggering a service provision response by the network

[0167] wherein the simulator has an output to the network to trigger a service provision response, such that a fault report in respect of said response will be received at the input and processed by the fault processor.

[0168] The communications network management system may further comprise means to apply a generated corrective solution to the network and to trigger a service provision response by use of the simulator such as to validate the applied corrective solution.

[0169] The input for receiving fault reports may be adapted to receive both fault reports in respect of services provided by said network and component alarms from components of said network, and said fault processor comprises a correlation engine for correlating received fault reports in respect of one or more services with received component alarms.

[0170] The data store may be structured to hold one or more problem descriptions in addition to one or more fault reports and/or one or more component alarms, at least one stored problem description comprising data received in respect of historic component behaviour, said fault processor being adapted to access data received in respect of historic component behaviour for use in processing fault reports to generate one or more corrective solutions.

[0171] There may be provided a communications network management system, which system comprises:

[0172] a) an input for fault reports in respect of a network and/or one or more services supported by a network,

[0173] b) a data store structured to store data in respect of said network and services, and

[0174] c) a fault processor for processing fault reports received via the input to generate corrective solutions,

[0175] wherein the data store is further structured to store customer data in relation to services and the fault processor comprises a correlation engine for correlating received fault reports in respect of one or more services with customer data, and wherein the fault processor further comprises sorting apparatus for sorting fault reports in an order determined by correlated customer data.
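The correlation and sorting described in [0169] and [0175], as an added example that is not taken from the patent: the record fields, the use of an SLA tier as the customer datum, the 300-second window and all sample data are assumptions. Fault reports are joined to the provisioning record by hardware address, matched against recent alarms on the serving component, and ordered by customer priority; a report whose address has no provisioning record is kept and sorted last.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Subscription:
    """Data captured at provisioning time (field names are hypothetical)."""
    mac: str        # hardware address of the user's access device
    customer: str
    service: str
    sla_tier: int   # 1 = highest priority (assumed customer datum)
    upstream: str   # network component serving this device


@dataclass(frozen=True)
class FaultReport:
    report_id: str
    mac: str
    service: str
    received: int   # seconds since an arbitrary epoch


@dataclass(frozen=True)
class ComponentAlarm:
    component: str
    raised: int
    text: str


# Constructed sample data; MAC addresses use the documentation range.
SUBSCRIPTIONS = [
    Subscription("00:00:5e:00:53:01", "cust-bronze", "VoD", 3, "cmts-1"),
    Subscription("00:00:5e:00:53:02", "cust-gold", "VoD", 1, "cmts-1"),
    Subscription("00:00:5e:00:53:03", "cust-silver", "internet", 2, "cmts-2"),
]
ALARMS = [
    ComponentAlarm("cmts-1", 1000, "upstream SNR low"),
    ComponentAlarm("cmts-2", 100, "fan failure"),
]
REPORTS = [
    FaultReport("R1", "00:00:5e:00:53:01", "VoD", 1100),
    FaultReport("R2", "00:00:5e:00:53:02", "VoD", 1200),
    FaultReport("R3", "00:00:5e:00:53:03", "internet", 1150),
    FaultReport("R4", "00:00:5e:00:53:99", "VoD", 1050),  # never provisioned
]


def correlate(reports, alarms, subscriptions, window=300):
    """Attach customer data and recent component alarms to each fault report,
    then sort by SLA tier and arrival time, unmatched reports last."""
    by_mac = {s.mac: s for s in subscriptions}
    rows = []
    for report in reports:
        sub = by_mac.get(report.mac)
        if sub is None or sub.service != report.service:
            # No provisioning record for this address/service pair.
            rows.append({"report": report.report_id, "customer": None,
                         "tier": None, "alarms": [],
                         "received": report.received})
            continue
        related = [
            a.text for a in alarms
            if a.component == sub.upstream
            and 0 <= report.received - a.raised <= window
        ]
        rows.append({"report": report.report_id, "customer": sub.customer,
                     "tier": sub.sla_tier, "alarms": related,
                     "received": report.received})
    rows.sort(key=lambda r: (r["tier"] is None, r["tier"] or 0, r["received"]))
    return rows


if __name__ == "__main__":
    for row in correlate(REPORTS, ALARMS, SUBSCRIPTIONS):
        print(row)
```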

[0176] A further aspect provides a service provisioning and assurance tool for use in the supply of one or more communications services to at least one user via a network, comprising:

[0177] i. means for provisioning a service, selected by a user or user representative, in relation to a hardware address of the user;

[0178] ii. means for storing data relating the selected service, the hardware address and the user;

[0179] iii. means for supplying the selected service to the hardware address;

[0180] iv. means for receiving one or more alarms in respect of the supplied service; and

[0181] v. means for analyzing received alarms

[0182] wherein the means for analyzing is arranged to access the stored data.

[0183] Hence the tool can be used to provision, supply and monitor a service to a user over a network. Analysis of alarms received may incorporate an analysis of the present fault in view of previous faults at that user equipment or in view of previous similar faults in other sections of the network.

[0184] Preferably, the service provisioning and assurance tool further comprises means for obtaining information relating to the selected service, the hardware address and the user from components over a network, wherein the components include at least one of:

[0185] a DHCP server;

[0186] an agent associated with user equipment, wherein the user equipment may comprise a Set Top Box or a Cable Modem;

[0187] a system database;

[0188] a Cable Modem Termination System.

[0189] Preferably, the service provisioning and assurance tool further comprises display means for displaying at least one of:

[0190] parameters corresponding to the configuration of a service for a particular user;

[0191] information regarding use of a service by a particular user or group of users;

[0192] information regarding the provisioning and performance of a particular service;

[0193] and wherein the display means further comprises means for adjusting parameters corresponding to the configuration of a service for a particular user.

[0194] Hence an operator may use the tool to analyse the setup and use of a particular item of user equipment, and may, for example by accessing a secure area of the operator interface, alter parameters corresponding to service provision for a particular user.

[0195] According to a highly preferable feature, there is further provided means for configuring an agent associated with the user equipment to test at least one aspect of service provision by simulating user activity at the user equipment.

[0196] Hence the functionality of user equipment may be tested remotely by using the tool to configure an agent associated with the user equipment. This may mean that it is not necessary for an operator or engineer to go to the user equipment in order to test it.

[0197] Preferably, there is further provided means for amending service provision parameters for a particular item of user equipment and means for configuring the agent to simulate user activity at the user equipment using the amended parameters.

[0198] The functionality of the system may also be tested with amended parameters. Hence it may be possible for a network engineer or operator to solve problems with the user's equipment remotely by changing service parameters for the user and testing the new parameters using the agent associated with the user equipment.

[0199] According to a further preferable feature, the service provisioning and assurance tool further comprises:

[0200] means for receiving information from the agent regarding the simulation of user activity at the user equipment;

[0201] in the case of successful provision of a service, means for transferring the amended service provision parameters for the user to the system database.

[0202] This may allow any successful amendment to the parameters to be detected by the tool. The amended parameters may then be saved in the system database for that user.

[0203] According to a further aspect, there is also provided a methodcorresponding to the service assurance tool described above withcorresponding preferable features.

BRIEF DESCRIPTION OF DRAWINGS

[0204] The provisioning of services in a communications network and the management of such a network will now be described further, by way of example only, with reference to the accompanying drawings in which:

[0205] FIG. 1 is a schematic diagram of a network environment for provisioning apparatus in accordance with one example of the system and methods herein described;

[0206] FIG. 2 is a schematic diagram of message flow in provisioning apparatus carrying out provisioning according to one example of the systems and methods herein described;

[0207] FIG. 3 is a schematic diagram of an architecture for a service management system using the provisioning apparatus of FIGS. 1 and 2;

[0208] FIG. 4 is a schematic diagram of message flow in provisioning apparatus carrying out provisioning according to a further example of the systems and methods herein described;

[0209] FIG. 5 is a schematic diagram of an initial set-up of a network environment for provisioning apparatus in accordance with a further example of the system and methods herein described;

[0210] FIG. 6 is a schematic diagram of a network environment for provisioning apparatus in accordance with the example illustrated in FIG. 5 after a new customer edge router has been added to the network according to an example process;

[0211] FIG. 7 is a schematic diagram of a network environment for provisioning apparatus in accordance with the example illustrated in FIG. 5 or 6 after a new customer edge router has been added to the network according to a further example process;

[0212] FIG. 8 is a schematic diagram of a network environment for provisioning apparatus in accordance with the example illustrated in FIG. 5, 6 or 7 after a new customer edge router has been added to the network according to a further example process;

[0213] FIG. 9 is a schematic diagram of an initial topology of the network environment for provisioning apparatus, before modification has taken place, according to an example of the system and methods herein described;

[0214] FIG. 10 is a schematic diagram of a final topology of the network environment for provisioning apparatus, after modification has taken place, according to an example of the system and methods herein described;

[0215] FIG. 11 is a schematic diagram of how the Set-Top Box Manager application may be incorporated into a network environment for provisioning apparatus according to one embodiment of the systems and methods herein described;

[0216] FIG. 12 is a schematic diagram of an example of a Set-Top Box Manager screen display according to one embodiment of the systems and methods herein described;

[0217] FIG. 13 is a schematic diagram of an example of a further Set-Top Box Manager screen display according to one embodiment of the systems and methods herein described;

[0218] FIG. 14 is a schematic diagram of an example of a further Set-Top Box Manager screen display, which may be used to show ‘Audit’ information, according to one embodiment of the systems and methods herein described;

[0219] FIG. 15 is a schematic diagram of a ‘Connection Window’ screen display according to one embodiment of the systems and methods herein described;

[0220] FIG. 16 is a schematic diagram of an ‘Install’ Results List Panel screen display according to one embodiment of the systems and methods herein described;

[0221] FIG. 17 is a schematic diagram of a ‘Forward Path’ Results List Panel screen display according to one embodiment of the systems and methods herein described;

[0222] FIG. 18 is a schematic diagram of a ‘Reverse Path’ Results List Panel screen display according to one embodiment of the systems and methods herein described;

[0223] FIG. 19 is a schematic diagram of a ‘Resources’ Results List Panel screen display according to one embodiment of the systems and methods herein described;

[0224] FIG. 20 is a schematic diagram of an example of a further Set-Top Box Manager screen display, which may be used to show ‘Audit’ information, according to one embodiment of the systems and methods herein described;

[0225] FIG. 21 is a schematic diagram of a Set-Top Box Manager Top Bar according to one embodiment of the systems and methods herein described;

[0226] FIG. 22 is a schematic diagram of one embodiment of the architecture of the Set-Top Box Manager;

[0227] FIG. 23 is a schematic diagram of a Cable Modem Manager integrated into a distributed system according to one embodiment of the systems and methods herein described;

[0228] FIG. 24 is a schematic diagram of a technical architecture overview of the Cable Modem Manager according to one embodiment of the systems and methods herein described;

[0229] FIG. 25 is a schematic diagram of a screen display which may be generated by the Cable Modem Manager to display data according to one embodiment of the systems and methods herein described;

[0230] FIG. 26 shows a schematic view of where the network management system sits in relation to interfaces for use by users, including customers, service operators and network operators, and the services and network elements being managed;

[0231] FIG. 27 shows a schematic view of the primary components of the network management system;

[0232] FIG. 28 shows a more detailed view of components of the network management system together with tools and other systems with which it interacts;

[0233] FIG. 29 shows a simulator for use in the network management system of FIG. 26 and its connection into a network to be tested;

[0234] FIG. 30 shows a screen view from a graphical user interface reviewing an alarm by means of the network management system, with access available to a knowledge management system for further analysis;

[0235] FIG. 31 shows a screen view from a graphical user interface reviewing an alarm in terms of user impact;

[0236] FIG. 32 shows a screen view from a graphical user interface reviewing an alarm with reference to its network location, with access available to the knowledge management system for further analysis;

[0237] FIG. 33 shows a screen view from a graphical user interface providing equipment information, with access available to a knowledge management system for further analysis;

[0238] FIG. 34 shows the options available for a screen view layout as shown in FIG. 33;

[0239] FIG. 35 shows a screen view from a graphical user interface providing an alarm list with access to the knowledge management system for further analysis of selected alarms;

[0240] FIG. 36 shows a screen view similar to that of FIG. 30 in which the knowledge management system has been accessed for further relevant information;

[0241] FIG. 37 shows the options available for a screen view layout as shown in FIG. 36;

[0242] FIG. 38 shows a login screen for a user accessing the knowledge management system;

[0243] FIG. 39 shows a screen view available to a user of the knowledge management system;

[0244] FIG. 40 shows a further screen view available to a user of the knowledge management system;

[0245] FIG. 41 shows the options available for a screen view layout as shown in FIG. 39 or 40;

[0246] FIG. 42 shows a network context for the network management system in which a global infrastructure provider controls the end-to-end network;

[0247] FIG. 43 shows a network context for the network management system in which a service provider uses the network management system to control the service provider's part of the network;

[0248] FIG. 44 shows a sample Hybrid Fibre-Coax manager deployment according to one embodiment of the systems and methods described herein;

[0249] FIG. 45 illustrates CMTS router and CMTS card relationships according to one embodiment of the systems and methods described herein;

[0250] FIG. 46 shows an HFC manager user interface overview for a preferred embodiment of the systems and methods described herein;

[0251] FIG. 47 illustrates a Knowledge Management System integrated with Imagine Service Emulation Agent modules according to one embodiment of the systems and methods described herein;

[0252] FIG. 48 illustrates a graphical User Interface structure for a preferred Knowledge Management System according to one embodiment of the systems and methods described herein;

[0253] FIG. 49 is an XML section of command script for the switch configuration for use with a preferred ISEA according to one embodiment of the systems and methods described herein;

[0254] FIG. 50 is an XML section of command script for a cable modem configuration for use with a preferred ISEA according to one embodiment of the systems and methods described herein;

[0255] FIGS. 51a and 51b are XML sections of command script for a scheduler manager configuration for use with a preferred ISEA according to one embodiment of the systems and methods described herein;

[0256] FIG. 52 is an XML section of command script for a DHCP protocol configuration for use with a preferred ISEA according to one embodiment of the systems and methods described herein;

[0257] FIGS. 53a and 53b are XML sections of command script for use with a preferred ISEA to configure a scenario named ‘Test’ for one location, containing three services: provisioning, internet access, mail (ISP) according to one embodiment of the systems and methods described herein;

[0258] FIG. 54 is a continuation of the XML section of command script of FIGS. 53a and 53b according to one embodiment of the systems and methods described herein;

[0259] FIG. 55 illustrates scenario organization for an ISEA according to one embodiment of the systems and methods described herein;

[0260] FIG. 56 shows a preferred hardware architecture for an ISEA according to one embodiment of the systems and methods described herein;

[0261] FIG. 57 illustrates the six key components comprising a preferred ISEA architecture according to one embodiment of the systems and methods described herein;

[0262] FIG. 58 illustrates one embodiment of the scenario organisation for a HSD agent according to one embodiment of the systems and methods described herein;

[0263] FIG. 59 is a schematic diagram of the IP address manager integrated into a service assurance suite according to one embodiment of the systems and methods described herein;

[0264] FIG. 60 is a schematic diagram of an overview of one embodiment of the architecture of the VPN service assurance suite;

[0265] FIG. 61 illustrates one embodiment of the operation of an agent on provisioning of a new PE-CE link;

[0266] FIG. 62 illustrates one embodiment of the architecture of the Configuration Manager and the integration of the Configuration Manager into a VPN provisioning network;

[0267] FIG. 63 illustrates how a VPN provisioning system may be incorporated into a network according to one embodiment of the systems and methods described herein;

[0268] FIG. 64 illustrates one embodiment of the OSS database with the high availability cluster in active-active mode.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

[0269] Provisioning

[0270] Discovery of Device Details for Use in Provisioning

[0271] Referring to FIG. 1, a network environment in which provisioning apparatus might be used is a cable network providing broadband services. User terminals 100 such as PCs are connected to a cable network via modems 105. A cable modem termination system 120 connects the modems 105 to an access concentrator 125 which in turn is connected at or via a hub 115 of the network to a DHCP server 130.

[0272] The network hub 115 is connected over a collection network 140 to a regional head end 165 for the network and an Internet Service Provider (ISP) platform 190 is connected to the regional head end 165 by a core network 160. The ISP platform 190 also has access to the Internet 170 and may provide services from an Internet-based server 175 and/or from a server 185 within its own platform 190.

[0273] Importantly, in an open access environment, there may be service provider platforms 190 which only have connection to the cable network via the Internet 170.

[0274] In a known provisioning arrangement, when a new access device 105 is added to the cable network, at a hardware address in the network, the DHCP server 130 will allocate it an Internet Protocol (IP) address. The DHCP server 130 maintains a record of the allocated IP addresses mapped against the hardware addresses.

[0275] If a user now wishes to subscribe to a new service, using the same access device 105, the relevant service provider needs to know the hardware address in order to provision the new service to that user and the hardware address can be obtained from the DHCP server 130 using a DHCP lease query message, as long as the user's access device IP address is known.

[0276] Service provisioning can be carried out in response to a user's request over the Internet. In FIG. 1, the user may use their user equipment 100, connected to an access device 105, to access an interactive Web interface of the service provider's, installed on an Internet host 175. The Web interface will automatically pick up an IP address for the user's access device 105 which the service provider can use in querying the DHCP server 130 from their ISP platform 190.

[0277] Referring to FIG. 2, in more detail, the ISP platform 190 comprises a provisioning server 180 which supports a provisioning module 205 and a query module 200. When the user interacts with the Web interface to request a new service, the query module receives (Step 210) an IP address associated with the user's access device 105 from the Web interface, for instance in the form “000.nnn.mmm.111”. The query module 200 formulates a DHCPLEASEQUERY message containing the IP address and sends it (Step 215) to the DHCP server 130 which returns (Step 220) a DHCPACK response packet from which the user's hardware address (MACaddr) is extracted by the query module 200 and passed (Step 225) to the provisioning module 205. The provisioning module, having a hardware address for the user's access device, can then perform provisioning in a conventional manner.

[0278] An exemplary method of operation will now be summarised.

[0279] (A) A user visits a website hosted on an ISP server 175 and requests a new service. This request contains the user's IP address and identifies the service requested. The request is communicated to the service provider's Web interface which communicates the request or a portion thereof to a provisioning application on a provisioning server 180. The Web interface may be a part of the provisioning application, it may be separate but run on the same server, or it may run on a separate server altogether.

[0280] (B) The provisioning application receives the request (Step 210), performs validation as required and formulates a DHCPLEASEQUERY message containing the IP address to send (Step 215) to an appropriate DHCP server 130. In FIG. 2, the query is formulated by a specific query module 200, but this may be integrated seamlessly into the provisioning application.

[0281] (C) The DHCP server 130 receives the message and returns (Step 220) the appropriate MAC address. If the DHCP server does not support DHCPLEASEQUERY or does not have the information then either no response will be sent or a null response, according to the circumstances and the DHCP protocol.

[0282] (D) The provisioning application processes the response packet, if any, and extracts a MAC address, if possible. In the event that the provisioning application cannot obtain a response from any DHCP server, then it must revert to other methods of obtaining a MAC address, for example by requesting the user to supply it. Even if it is available, the user may be requested to verify the information obtained.

[0283] (E) Provisioning is carried out as required, using the MAC address obtained to enable provision of the new service to the user (Step 230) via the relevant access device; the remainder of the provisioning process may correspond to or be based on a known provisioning process.

[0284] The DHCP Lease Query protocol will be available to those skilled in the art and so is not described in detail. A list of drafts of the Internet Society may be found at http://www.ietf.org/ietf/lid?abstracts.txt. However, the following may assist in understanding the background and explaining the novel use made of this low level query, which was intended for use by access concentrators such as routers and not previously contemplated for use in provisioning applications.

[0285] Background to DHCPLEASEQUERY

[0286] The DHCPLEASEQUERY message is a new DHCP message type transmitted from a DHCP relay agent to a DHCP server. It is intended that a DHCPLEASEQUERY-aware relay agent would send the DHCPLEASEQUERY message when it needed to know the location of an IP endpoint. The DHCPLEASEQUERY-aware DHCP server would reply with a DHCPKNOWN or DHCPUNKNOWN message. The DHCPKNOWN response to a DHCPLEASEQUERY message would allow the relay agent to determine the IP endpoint location, and the remaining duration of the IP address lease.

[0287] Query by IP Address:

[0288] The system and methods herein described may make use of this feature, which will be summarised briefly. (Words in capital letters are keywords which can be interpreted as described in the IETF's RFC 2119.)

[0289] For this query, the client passes an IP address to the DHCP server which returns any information that it has on the most recent client to use that IP address. Any server which supports the DHCPLEASEQUERY message MUST support query by IP address. If an IP address appears in the client IP address (“ciaddr”) field, then the query MUST be by IP address regardless of the contents of the MAC address or client-id option (if any).

[0290] Definition of MAC Address

[0291] In the context of a DHCP packet, a MAC (Media Access Control) address consists of the fields: hardware type “htype”, hardware length “hlen”, and client hardware address “chaddr”.

[0292] Sending the DHCPLEASEQUERY Message

[0293] Although it is envisaged in the draft protocol that a DHCPLEASEQUERY message would typically be sent by an access concentrator, in fact, in this embodiment, the message will be sent (or caused to be sent) by a provisioning application. The DHCPLEASEQUERY message uses the DHCP message format as described in [RFC 2131], and uses message number TBD in the DHCP Message Type option (option 53). The DHCPLEASEQUERY message has the following pertinent message contents:

[0294] The gateway address (giaddr) MUST be set to the IP address of the requestor (i.e. the server running the provisioning application). The giaddr is independent of the ciaddr to be searched; it is simply the return address for the DHCPKNOWN or DHCPUNKNOWN message from the DHCP server.

[0295] The Parameter Request List SHOULD be set to the options of interest to the requestor.

[0296] The Reservation bit in the “flags” field of the DHCP packet (see [RFC 2131]) is used to specify if the response should include information encoded into reservations.

[0297] Specifically for Query by IP Address:

[0298] The values of htype, hlen, and chaddr MUST be set to 0.

[0299] The ciaddr MUST be set to the IP address of the lease to be queried.

[0300] The client-id option (option 61) MUST NOT appear in the packet.

[0301] Processing the Response

[0302] If the DHCP server has information about the most recent device associated with the IP address specified in the ciaddr, then the DHCP server MUST encode the physical address of that device in the htype, hlen, and chaddr fields. Otherwise, the values of htype, hlen, and chaddr MUST be set to 0 in the DHCPKNOWN packet.

[0303] Thus, to extract the physical address, the provisioning application need simply read the htype, hlen and chaddr fields in a response packet. In the case of a cable modem, the MAC address is obtained and, in the case of a DSL modem, the PVC ID is obtained.
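The query-by-IP-address exchange described above, as an added example that is not part of the original text: it builds the DHCPLEASEQUERY packet with the field rules listed (ciaddr, giaddr, zeroed htype/hlen/chaddr, no option 61) and reads htype, hlen and chaddr from a reply, rejecting replies that do not match the outstanding query. The message numbers are placeholders because the text leaves them TBD; the function names, the sample addresses and the assumption that the reply echoes the queried ciaddr are likewise not from the original.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
OPT_PAD, OPT_MSG_TYPE, OPT_PARAM_REQ, OPT_CLIENT_ID, OPT_END = 0, 53, 55, 61, 255

# Placeholder message numbers (assumptions): the text leaves them "TBD".
DHCPLEASEQUERY, DHCPKNOWN, DHCPUNKNOWN = 10, 250, 251

# RFC 2131 fixed header: op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr[16], sname[64], file[128].
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
ZERO_IP = b"\x00" * 4


def _ip(addr):
    return ipaddress.IPv4Address(addr).packed


def build_lease_query(lease_ip, requestor_ip, xid, param_request=(51,)):
    """Query by IP address: ciaddr = lease, giaddr = requestor, MAC fields 0."""
    header = HEADER.pack(BOOTREQUEST, 0, 0, 0, xid, 0, 0,
                         _ip(lease_ip), ZERO_IP, ZERO_IP, _ip(requestor_ip),
                         b"", b"", b"")  # struct pads chaddr/sname/file with 0
    options = bytes([OPT_MSG_TYPE, 1, DHCPLEASEQUERY])
    options += bytes([OPT_PARAM_REQ, len(param_request), *param_request])
    # Option 61 (client-id) is deliberately never emitted.
    return header + MAGIC_COOKIE + options + bytes([OPT_END])


def parse_options(data):
    """Walk the TLV option area, refusing truncated options."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts


def extract_hardware_address(reply, xid, lease_ip):
    """Return (htype, 'aa:bb:..') or None when the server has no record."""
    body = HEADER.size + len(MAGIC_COOKIE)
    if len(reply) < body or reply[HEADER.size:body] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    fields = HEADER.unpack_from(reply)
    op, htype, hlen, rxid, ciaddr, chaddr = (fields[0], fields[1], fields[2],
                                             fields[4], fields[7], fields[11])
    if op != BOOTREPLY or rxid != xid:
        raise ValueError("reply does not match the outstanding query")
    if ciaddr != _ip(lease_ip):  # assumption: reply echoes the queried ciaddr
        raise ValueError("reply is for a different IP address")
    msg_type = parse_options(reply[body:]).get(OPT_MSG_TYPE, b"")
    if msg_type == bytes([DHCPUNKNOWN]):
        return None
    if msg_type != bytes([DHCPKNOWN]):
        raise ValueError("unexpected DHCP message type")
    if hlen > len(chaddr):
        raise ValueError("hlen exceeds the 16-byte chaddr field")
    if hlen == 0:  # htype/hlen/chaddr all 0: known lease, no device recorded
        return None
    return htype, ":".join(f"{b:02x}" for b in chaddr[:hlen])


def make_constructed_reply(lease_ip, xid, msg_type, htype=0, hlen=0, chaddr=b""):
    """Constructed server reply, used only to exercise the parser offline."""
    header = HEADER.pack(BOOTREPLY, htype, hlen, 0, xid, 0, 0,
                         _ip(lease_ip), ZERO_IP, ZERO_IP, ZERO_IP,
                         chaddr, b"", b"")
    return header + MAGIC_COOKIE + bytes([OPT_MSG_TYPE, 1, msg_type, OPT_END])


if __name__ == "__main__":
    # Constructed values: documentation address ranges and a sample MAC.
    xid = 0x1234ABCD
    query = build_lease_query("192.0.2.10", "198.51.100.5", xid)
    reply = make_constructed_reply("192.0.2.10", xid, DHCPKNOWN, 1, 6,
                                   bytes.fromhex("00005e005301"))
    print(len(query), extract_hardware_address(reply, xid, "192.0.2.10"))
```

A `None` result corresponds to step (D) above, where the provisioning application has to fall back to another way of obtaining the hardware address.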

[0304] Referring to FIG. 3, the network environment in which services are administered and delivered can be complex. It may be that the service provider's platform 190 is directly connected to the network to which the user's access device 105 is connected. In this case, the provisioning server 180 can easily send a DHCP Lease Query message to the DHCP server 130 for the relevant network. However, in an open access environment, it may be that the network is actually one of many which could be used by a service provider. In this environment, each broadband network may have an associated management platform comprising an access device manager, e.g. a cable modem manager 330 such as a cable modem termination system, and an address server of some sort which might be managed centrally for instance by a Cable Network Registrar (CNR) 340 as one of several network address servers across several networks. The CNR 340 may then have access over a core network to various address-related platforms, such as DHCP servers 130 and Domain Name Servers (DNS). The core network will also be connected to the Internet 170.

[0305] An environment of this type is described in “Integration Solutions Guide for Managed Broadband Access Using MPLS VPNs for MultiService Operators”, published by Cisco on the Internet at: http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/mplscabl.htm.

[0306] Since multiple ISPs will have access to the same networks, a way in which such an environment might be managed is that each ISP has its own set of IP addresses and effectively its own Virtual Private Network (VPN) which may in practice be supported by several separate broadband networks. Whenever a user's access device such as a cable modem 105 is assigned an IP address belonging to a particular ISP, that cable modem along with all of the devices 100 connected to its Ethernet port are placed into that ISP's VPN. Thus, the user's PC can acquire an IP address in the ISP's address range directly from the ISP's DHCP server via the CNR 340.

[0307] It is known in an environment of this general type, providing managed broadband access via logical separation, to use tunnelling for communication between an ISP's platform and the management platform supporting the CNR 340. The use of this tunnelling may be extended to allow a provisioning server 180 of the ISP to obtain user access device hardware addresses via the CNR 340 of that management platform. The steps of FIG. 2 can be repeated but the DHCP Lease Query message will be sent (Step 215) and acknowledged (Step 220) using a tunnelling protocol over a network such as the Internet itself, or another network such as a management core network using the Internet Protocol.

[0308] Referring again to FIG. 3, once a service provider can obtain an access device hardware address for a user's service provision, there are several potential benefits which the service provider can exploit in relation to individual access devices. The service provider can provide various backend services via an application server 185 and can interface via middleware 315 to a workflow engine 310 and a subscriber-management system 305. The following are examples of potential benefits:

[0309] end-to-end self provisioning for the user, including deprovisioning

[0310] using a single interface and PIN for provisioning

[0311] open access provisioning

[0312] resource management

[0313] fraud management

[0314] As mentioned above, the auto-discovery by the service provider platform of the user's access-device hardware address on service provisioning removes the need for the consumer to enter the physical address of an access device manually. The use of the hardware address of the access device means that the consumer devices don't have to be provisioned individually which provides greater flexibility in handling lifetime scenarios. For example, a user can change or upgrade his/her PC without having to go through the whole provisioning process.

[0315] Further methods and apparatus herein described can also simplify de-provisioning. The consumer can self de-provision services by accessing the interactive Web interface of the relevant service providers, installed on an Internet host 175, and using substantially the same process as described above but now to de-provision the service. In this case, the Query Module 200 and Provisioning Module 205 of the ISP's provisioning server 180 will again query the relevant hardware address server, such as a DHCP server 130, but the provisioning module 205 will de-provision the service in place of provisioning it as before.

[0316] By providing a simple authentication routine in, or accessible by, the provisioning module 205, service provisioning and de-provisioning can be done through a single Web interface 175, using a PIN and thus providing again greater flexibility. The same interface and application can then be used not only to provision multiple different services, over multiple end user termination devices 100, but also for multiple subscribers and/or users.

[0317] By using a tunnelling protocol, an open access business model can be supported, which enables both a retail model (i.e. “plug and play” type provisioning of off-the-shelf access devices) and/or a wholesale business model (provision of services that are external to a management network which may again be external or independent of broadband networks used for the actual service provision). Since the service provider can auto-discover the access device identity, pre-provisioning is not required and any access device can be provisioned, whatever its origin. This tunnelling feature for provisioning means that service providers external to the broadband network itself can host their own service-provisioning in-house but through the operator's network.

[0318] Through integration with a capacity management, or service assurance product, for instance accessible via the middleware 315 of the service provider's platform, the service provider can check that the relevant network resources are capable of handling the quality of service requested by the customer. To do this, the service provider needs to keep track of all the potential services to be delivered so as to aggregate at least loosely all impacted service levels and thus determine the potential risk and probability of resource congestion at peak time.

[0319] For example, if network equipment X serves 10,000 users with a back-plane capacity of 2 GB, then the service provider should only sell 80% of the equipment capabilities and only through a mix of various qualities of service (QoS). A Gold service could be based on a capacity of 2 Mbps, a Silver service would be 1 Mbps, a Bronze service would be 512 Kbs and a standard service would be 256 Kbps. Then the service provider needs to aggregate the content of all the service agreements entered into so as not to exceed the utilisation threshold decided by the operator. This will generally need to be adjusted to reflect peak usage time and other relevant factors.

[0320] When a customer uses self-provisioning, this aggregation may remain important. Although the service provider may not control every new instance of service provision, it remains important (or indeed is more so) that the service provider maintains a database and software to monitor service provision. Means to maintain such a database and software are already known. However, another aspect which arises with self-provisioning is ongoing service monitoring.

[0321] New customers will generally have an expectation of an acceptable quality of service and will often have a form of service level agreement with a service provider. Existing customers will not expect the quality of service to become degraded because other customers have been newly provisioned.

[0322] By sharing data, for instance by sharing a data model and access to common data storage, a provisioning application working in conjunction with a service assurance application may offer a particularly efficient use of data for diagnostics. The invention independently provides a method comprising sharing a data model between a provisioning application and a service assurance application, preferably dynamically, and further independently provides use of a common data model in a plurality of communications applications including at least two of: provisioning, service assurance, planning, inventory management, and network management. Service assurance products may for instance receive alarm signals or data arising in use of a network to provide an identified service. Since a provisioning application may gather subscriber-related address data in relation to services provisioned, by sharing access to that data the service assurance product can be enabled to relate alarm data not just to services but also to relevant service subscribers.

[0323] Referring further to FIG. 3, the service provider's platform 190 may be provided with a database accessible to several applications including backend services 185 and subscriber management 305 via the middleware 315. Except perhaps for services paid in advance, when a subscriber triggers provisioning of a new service for instance by means of a self-provisioning module 180, it is usually necessary that the subscriber provides identification, at least in the form of a billable account number, as well as identifying the service to be provided. If the provisioning module 180 writes this information to the database, it is relatively simple to give access to the same information for a service assurance application, particularly if they share the same data model. This represents a very convenient way to support analysis of service problems during use of a network in relation to individual customer accounts.

[0324] Tools for monitoring performance of networks and services in use are known, such as the Micromuse Netcool products.

[0325] An advantage of the service provider having knowledge of the access device address is that the service provider can determine the serviceability of the customer before trying to provide a service. This step can be used to ensure that the operator infrastructure can physically deliver services to the client since the service provider will be able to detect at least some shortcomings in the customer's arrangement. For instance, if a customer wishes to subscribe to a VoD over DSL service, the service provider is enabled to check whether the customer's access device is actually physically close enough to a DSL Access Multiplexer (DSLAM) and that there is therefore enough bandwidth. The MAC address contains information on hardware type and this information is also therefore available to the service provider for use in checking serviceability.

[0326] The use of a limited IP scope at initial activation time greatly limits fraud by preventing an unauthorised access modem from accessing services. However, through management of the IP address scheme and physical address of the access devices, whether based on the MAC address of a cable modem or management of the PVC in the case of a DSL modem, it is possible for the service provider to detect the origination of fraudulent activity and to take action to avert the fraud, for instance by suspending or de-activating service provision to the offender, or by downgrading level of service.

[0327] The methods and apparatus herein described can be used in relation to many different services, access networks and CPE types. For instance, the following can be supported:

[0328] IP Data Access

[0329] Service on Demand (video or games, i.e., any pay-per-use services ...)

[0330] TV broadcast

[0331] Voice over IP

[0332] Cable networks (DOCSIS and DAVIC)

[0333] XDSL

[0334] Wireless Local Loop (WLL)

[0335] Fibre-to-the-Home (FTTH)

[0336] Personal Computers

[0337] Set Top Boxes (STBs)

[0338] Personal Digital Assistants (PDAs)

[0339] mobile phones.

[0340] FIG. 4 illustrates a further example of message flow in provisioning apparatus carrying out provisioning according to an embodiment of the systems and methods herein described.

[0341] Each feature disclosed may be provided independently, unless otherwise stated. In summary, a self-provisioning application is disclosed which facilitates the provisioning of communications services and which, in preferred applications, can operate with off-the-shelf access devices, such as cable modems; this makes use of an existing IP address to discover a unique “physical” address (e.g. MAC address for a cable modem or PVC ID for a DSL modem), thereby avoiding the need for a user or specialised user software to communicate the physical address of the access device prior to provisioning. A low level command, particularly DHCP lease query, is preferably used to obtain a hardware address for use in provisioning of a new broadband service based on a user's existing IP address. Provisioning may be based on the access device physical address. The provisioning application may communicate with a capacity management application. It may also, or instead, share a data model and data storage with a service assurance application to enable data captured during service provision to be used in alarm analysis after a service has been provisioned and is in use.
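The lease query exchange summarised above can be illustrated with the following added example, which is not code from the original disclosure. It assumes the query-by-IP-address form of DHCPLEASEQUERY defined in RFC 4388; the function names, addresses and the reply are constructed for illustration. The reply is checked against the transaction identifier and the queried address before the hardware address is trusted for provisioning.

```python
import ipaddress
import struct

BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # fixed 236-byte BOOTP/DHCP header
MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_MESSAGE_TYPE, OPT_END = 0, 53, 255
# Message types defined for lease query in RFC 4388.
DHCPLEASEQUERY, DHCPLEASEUNASSIGNED, DHCPLEASEUNKNOWN, DHCPLEASEACTIVE = 10, 11, 12, 13
ZERO4 = b"\0" * 4


def _ip(text):
    return ipaddress.IPv4Address(text).packed


def build_leasequery_by_ip(subscriber_ip, requester_ip, xid):
    """Build a DHCPLEASEQUERY asking which hardware address holds subscriber_ip."""
    header = struct.pack(
        BOOTP_FMT,
        1,                    # op = BOOTREQUEST
        0, 0, 0,              # htype, hlen, hops: zero when querying by IP address
        xid, 0, 0,            # transaction id, secs, flags
        _ip(subscriber_ip),   # ciaddr = the address being asked about
        ZERO4, ZERO4,         # yiaddr, siaddr unused
        _ip(requester_ip),    # giaddr = where the server sends its answer
        b"", b"", b"")        # chaddr, sname, file: struct pads these with zeros
    return header + MAGIC_COOKIE + bytes([OPT_MESSAGE_TYPE, 1, DHCPLEASEQUERY, OPT_END])


def parse_options(data):
    """Parse the DHCP option TLVs, rejecting truncated entries."""
    options, i = {}, 0
    while i < len(data) and data[i] != OPT_END:
        if data[i] == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated DHCP option")
        options[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return options


def parse_leasequery_reply(packet, expected_xid, queried_ip):
    """Return the MAC address for an active lease, or None if there is no active lease."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    op, htype, hlen, _, xid, _, _, ciaddr, _, _, _, chaddr, _, _ = struct.unpack(
        BOOTP_FMT, packet[:236])
    if op != 2 or xid != expected_xid:
        raise ValueError("reply does not match the outstanding query")
    msg_type = parse_options(packet[240:]).get(OPT_MESSAGE_TYPE, b"")
    if len(msg_type) != 1:
        raise ValueError("missing DHCP message type")
    if msg_type[0] != DHCPLEASEACTIVE:
        return None           # unassigned or unknown: nothing to provision against
    if ciaddr != _ip(queried_ip):
        raise ValueError("reply is about a different IP address")
    if htype != 1 or hlen != 6:
        raise ValueError("hardware address is not a 6-byte Ethernet MAC")
    return ":".join(f"{b:02x}" for b in chaddr[:6])


def constructed_reply(msg_type, lease_ip, mac, xid):
    """Constructed sample reply (not captured traffic) so the example runs offline."""
    active = msg_type == DHCPLEASEACTIVE
    header = struct.pack(
        BOOTP_FMT, 2, 1 if active else 0, 6 if active else 0, 0, xid, 0, 0,
        _ip(lease_ip), ZERO4, ZERO4, ZERO4, mac if active else b"", b"", b"")
    return header + MAGIC_COOKIE + bytes([OPT_MESSAGE_TYPE, 1, msg_type, OPT_END])


if __name__ == "__main__":
    xid = 0x1234ABCD
    query = build_leasequery_by_ip("192.0.2.55", "192.0.2.1", xid)
    reply = constructed_reply(DHCPLEASEACTIVE, "192.0.2.55",
                              bytes.fromhex("020000aabbcc"), xid)
    print(len(query), parse_leasequery_reply(reply, xid, "192.0.2.55"))
```
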

[0342] Application to VPN MPLS

[0343] The systems and methods of the provisioning system and methods described herein will now be illustrated further by the following description of an Internet Infrastructure Provider (IIP) specific Virtual Private Network (VPN) Multiprotocol Label Switching (MPLS) provisioning system. This system is described by way of example only and the description is not intended to be limiting in any way. The terms “subscriber” and “customer” may be used in the following description to denote potential users of the system.

[0344] The test set up described below uses a plurality of simulated customers at geographically distinct sites and demonstrates many of the advantageous features which may be achievable in a typical implementation.

[0345] In the initial scenario for this example system, illustrated in FIG. 5, the core MPLS network has been set up with 3 Points of Presence (POPs) 502, 504, 506: Antibes POP 504 has one Provider Edge (PE) router 508 with an ISEA VPN 510.

[0346] PE3 508 has a VRF (a VPN Routing and Forwarding device) for Customer A's Antibes/St Claude site 512 connected via serial interface to a C1700 Customer Edge (CE) router 514.

[0347] Sophia Antipolis POP 502 has 2 PE routers 516, 518. ISEA 520 is connected to both PE routers.

[0348] PE2 516 has a VRF for Customer A's Sophia Antipolis/Les Genets site 522 connected via Fast Ethernet to a C1700 CE router 524.

[0349] PE4 518 is connected to an ATM switch and to a DSLAM (Digital Subscriber Line Access Multiplexer). There are no VPN customers yet.

[0350] Nice POP 506 has one PE router 526 with no ISEA MPLS.

[0351] PE1 526 has a VRF for Central ISP services site 528 connected via Fast Ethernet to a C1700 CE router 530. A web/email server 532 is located behind the CE router.

[0352] Customer A has already been provisioned using IIP VPN. Customer A has 2 sites:

[0353] A primary CE A1 site located in Antibes/St Claude 512 connected to Antibes POP 504.

[0354] A secondary CE A2 site located in Sophia Antipolis/Les Genets 522 connected to Sophia Antipolis POP 502.

[0355] An example of the process of connecting a new CE router to the network in a new VPN with access to the centralised services web server and management VPN will now be described with reference to FIG. 6, which summarises an example network topology. In this example, all actions are carried out through the MPLS console/Graphical User Interface (GUI).

[0356] 1. A new customer called “Customer B” is created using the console.

[0357] 2. A new VPN is created for “Customer B” using the console.

[0358] 3. A new primary CE site called “Antibes Garoupe” 602 is added for Customer B with ISEA monitoring (Ethernet 802.1Q sub-interface).

[0359] 4. An interface is provisioned on the PE router 508 for the PE-CE link.

[0360] 5. A minimal “IP only” configuration file is created for the CE router 604.

[0361] 6. The configuration file is manually loaded onto the CE router 604 and it is plugged in.

[0362] 7. When IP connectivity is established to the CE 604, the VPN/routing/CoS config file is downloaded to the router. This demonstrates the advantageous feature of the provisioning system in preparing configuration files.

[0363] 8. Customer B may then connect a PC behind CE router 604 and access centralised services.

[0364] By way of example, FIG. 7 summarises the VPN topology and illustrates the process of connecting a new CE router 702 to the network in a new VPN with access to the centralised services web server and management VPN. In this example, all actions can be carried out through the MPLS console/GUI.

[0365] 1. A new secondary site called “Sophia Antipolis ADSL” 704 is added for Customer B (where ADSL indicates an Asynchronous Digital Subscriber Line).

[0366] 2. An interface (ATM sub interface) in a VRF is provisioned on the PE router 518 for the PE-CE link with ISEA monitoring (Ethernet 802.1Q sub-interface).

[0367] 3. The full CE router configuration is provided to the customer via a File Transfer Protocol (FTP) download.

[0368] 4. The configuration file is manually loaded to the CE ADSL router 702 and it is rebooted.

[0369] 5. Customer connects a PC behind ADSL CE router and accesses centralised services.

[0370] The PE-CE link parameters for the CE router 702 added in the phase above may be modified according to the following example procedure:

[0371] 1. In the MPLS console/GUI, browse to the PE-CE link edition screen.

[0372] 2. Edit the Class of Service (CoS) of the Ethernet PE-CE link by choosing a Diffserv class and sub class and applying this to the Ethernet interface.

[0373] 3. Deploy the configuration to the PE4 518 and CE B2 702 routers

[0374] FIG. 8 illustrates an example of a VPN physical topology in which a new CE router 802 may be connected to the network in a new VPN with access to the centralised services web server. In this example, all actions may be carried out through a batch file using the VEA.

[0375] 1. A new secondary site called “Valbonne ADSL” 804 is added for Customer B.

[0376] 2. An interface (ATM sub interface) in a VRF is provisioned on the PE router 518 for the PE-CE link with ISEA monitoring (Ethernet 802.1Q sub-interface).

[0377] 3. The full CE router configuration is provided to the customer via FTP download.

[0378] 4. The configuration file is manually loaded to the CE ADSL router 802 and it is rebooted.

[0379] 5. Customer connects a PC behind ADSL CE router 802 and accesses centralised services.

[0380] VPN topology may also be modified. An example of a process in which VPN B's topology is modified will be described below. FIG. 9 summarises the VPN logical topology of the present example before the modification.

[0381] By way of example, Customer B has expressed a requirement that site B3 804 (currently secondary) is now becoming one of his major offices/data centres and it must be able to communicate with all primary and secondary sites in the network. In order to modify the topology accordingly, the following process may be implemented:

[0382] 1. In VPN console/GUI go to the properties of site B3 804.

[0383] 2. Change the status of site B3 from secondary to primary.

[0384] 3. The topology change is applied to the network elements.

[0385] 4. With a PC connected behind B3 804 show that all sites (B1 602, B2 704) can be pinged.

[0386] FIG. 10 summarises the VPN logical topology after the modification.

[0387] Communications Network Management System

[0388] The provisioning system and methods described above may also be implemented in conjunction with a communications network management system, which may find particular but not exclusive application in management of systems supporting broadband services.

[0389] With the advent of higher transmission capacity networks, and particularly for instance broadband networks, network operators have to manage more and more complex infrastructure and to keep an always-increasing number of services up and running. As a result, subscriber satisfaction can drop if they perceive deficient service management and there is more subscriber “churn”. Meanwhile, the operators already have to invest more in their operation support teams, taking on more people and/or improving the skills their people have. Hence it is a challenge to be able to provide cost effective management of complex services.

[0390] The sort of complexity involved is demonstrated by the services it may be important to support. For instance, these may include digital multiplexes of entertainment video, high speed connections with the Internet and local servers via cable modems, commercial enterprise Local Area Networks and Wide Area Networks, personal communication services over cable and telemetry, as well as traditional analogue TV.

[0391] The supporting “cable” network technology may also be complex, based partially on fibre as well as on coaxial cable. A typical architecture for a network operator might be a hybrid fibre coaxial (HFC) architecture in which there is a head end, where all the signal sources are collected and processed, connected for distribution over a fibre backbone to primary hubs, comprising switches or routers, which in turn distribute to secondary hubs which in turn distribute to fibre nodes. The fibre nodes convert the communications to radio frequency and use coaxial cable to reach the end-users who may be corporate or private. The head ends and hubs will also distribute to their local vicinities.

[0392] In the broadband domain, such as services offered over cable networks, there are characteristics which differentiate today's services from those traditionally offered over telephone networks. For instance, high speed data is often transmitted over always-on connections to customer personal computers (PCs) using cable modems (CMs). This means that cable operators need to provide a network which is working correctly throughout every day of every week to meet performance requirements compatible with service level agreements with customers. The always-on connection is vulnerable to non-subscribers trying to get free connections and the computer access is vulnerable to hackers.

[0393] Automated fault management tools are known but tend to be focused on equipment, tools and mechanical problems rather than trying to solve problems at other levels of customer service. Meanwhile, as customer expectation and competition in the market increase, operators are under pressure to offer not just consistent and high quality services to many customers using different types of customer equipment but also to take into account fraud and security management.

[0394] According to an aspect of the present invention, there is provided a communications network management system, which system comprises:

[0395] a) an input for fault reports in respect of a network and/or one or more services supported by a network,

[0396] b) a data store for storing data in respect of said network, and/or services,

[0397] c) a fault processor for processing fault reports received via the input, using data stored in the data store, to generate corrective solutions, and

[0398] d) a simulation engine for simulating one or more service instances wherein the simulation engine has an output to the network to trigger provision of said one or more service instances, such that a fault report in respect of said provision will be received at the input and processed by the fault processor.

[0399] The simulation engine can be used in embodiments of the present invention in providing service assurance to the end user by intelligent monitoring of complex platforms. In particular, the simulation engine could be used either proactively, to run test service instances, or to validate the result of applying a corrective solution which has been generated by the fault processor. The simulation engine may be implemented by one or more agents running on a network component, for example a user access device such as a cable modem, or a switch or router or access concentrator.

[0400] The manner in which corrective solutions are generated is of course important, particularly in respect of the level at which they are targeted. It could be easy to meet the requirements of a received fault report but to fail to diagnose a more widespread problem that might continue to mean service failures.

[0401] According to a further aspect of the present invention, there is provided a communications network management system, which system comprises:

[0402] a) an input for receiving fault reports in respect of one or more services supported by a network, and for receiving component alarms from components of said network;

[0403] b) a data store for storing data in respect of said network and/or services; and

[0404] c) a fault processor for processing fault reports received via the input, using data stored in the data store, to generate corrective solutions,

[0405] wherein the fault processor comprises a correlation engine for correlating received fault reports in respect of one or more services with received component alarms.

[0406] Embodiments of the present invention including the correlation engine can provide improved fault processing in that they may be able to identify a root cause of faults which can affect more than one service, or service to more than one customer.

[0407] Preferably, the data store is structured to support fault processing of this type. For instance it may be structured to hold data relating a problem description to one or more fault reports and to corresponding one or more component alarms. A problem description may include data describing component behaviour and, preferably, data received in respect of historic component behaviour. In the relatively simple network and service provision of the past, historic behaviour is likely to reproduce predicted behaviour for a component. However, in the much more complex networks and services being provided today, embodiments of the present invention recognise that component behaviour may no longer be fully predictable. Thus embodiments of the present invention which support fault processing in relation to historic component behaviour may be very valuable in providing a learning mechanism in fault processing.

[0408] Alternatively, the fault reports generated by problems with component behaviour might be unpredictable. Hence a problem description may instead or as well contain data defining fault reports in respect of past system behaviour, related to successful corrective solutions.

[0409] Known fault management systems for communication systems have relied principally on fault reports by end-users to locate faults and trigger a fault management process. Fault management has been done largely at the network level, with the aim of keeping a network fully functional. However, this means there will often be delays between identification of a fault and its correction. As mentioned above, embodiments of the present invention may use proactive simulation of service instances to trigger faults latent in the network but not yet exposed by customer requirements. A further improvement which can be provided by embodiments of the present invention is to relate fault processing to both service and customer data.

[0410] According to a further aspect of the present invention, there is provided a communications network management system, which system comprises:

[0411] a) an input for fault reports in respect of a network and/or one or more services supported by a network,

[0412] b) a data store structured to store data in respect of said network and services, and

[0413] c) a fault processor for processing fault reports received via the input to generate corrective solutions;

[0414] wherein the data store is further structured to store customer data in relation to services and the fault processor comprises a correlation engine for correlating received fault reports in respect of one or more services with customer data.

[0415] Preferably, the fault processor further comprises sorting apparatus for sorting fault reports in an order determined by correlated customer data. This could be very important in prioritising fault reports and thus the manner in which a network is repaired in order to restore services of highest priority, for instance because they have an impact on a large number of customers or customers with stringent service levels agreed.

[0416] In practice, the correlation engine may combine the attributes of the correlation engines of the previous two aspects of the present invention and thus provide a two stage correlation mechanism, including both correlation of fault reports to component alarms and correlation of component alarms to customer data.

[0417] Advantageously, the customer data includes a measure or priority of service provision in relation to an identified customer and an identified service. This enables a further level of flexibility for the manner in which the network is repaired which might be inherited from priority values in contractual data for the respective customer.

[0418] In an alternative to the previous aspect of the present invention, the data store may be further structured to store not necessarily customer data but a priority parameter in respect of at least one identified service and the fault processor may comprise a correlation engine for correlating received fault reports in respect of one or more services with the respective priority parameter(s). In this alternative, there is no need to rely on customer data to identify important services and thus to be able to prioritise fault reports or component alarms for repair.
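The two stage correlation and priority sorting described above can be illustrated by the following added example, which is not code from the original disclosure. The topology, account identifiers, priority values, time window and all function names are assumptions constructed for illustration: stage one relates each fault report to the most upstream alarming component on its path to the head end, and stage two relates that root component to customer data so that problems can be sorted for repair.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed topology: component -> parent, walking towards the head end.
PARENT = {"hub-1": "headend", "hub-2": "headend",
          "node-11": "hub-1", "node-12": "hub-1", "node-21": "hub-2"}

# Constructed customer data: account -> (fibre node, service, priority).
# A higher priority value means a more stringent agreed service level.
CUSTOMERS = {"acct-100": ("node-11", "HSD", 1), "acct-101": ("node-11", "HSD", 3),
             "acct-102": ("node-12", "HSD", 1), "acct-200": ("node-21", "HSD", 5),
             "acct-201": ("node-21", "VOD", 1)}


@dataclass(frozen=True)
class FaultReport:
    report_id: str
    service: str
    node: str
    time: int        # seconds


@dataclass(frozen=True)
class ComponentAlarm:
    component: str
    time: int        # seconds


def path_to_head_end(node):
    """Components a service crosses, from the fibre node up to the head end."""
    path = [node]
    while path[-1] in PARENT:
        path.append(PARENT[path[-1]])
    return path


def root_alarm(report, alarms, window=300):
    """Stage 1: the most upstream alarming component on the report's path."""
    alarming = {a.component for a in alarms if abs(a.time - report.time) <= window}
    root = None
    for component in path_to_head_end(report.node):
        if component in alarming:
            root = component     # later hits are further upstream, so they win
    return root


def impacted_accounts(root, service):
    """Stage 2: subscribers of the service whose path crosses the root component."""
    return sorted(acct for acct, (node, svc, _) in CUSTOMERS.items()
                  if svc == service and root in path_to_head_end(node))


def correlate(reports, alarms, window=300):
    """Group reports by root cause and sort problems by customer priority."""
    groups = defaultdict(list)
    for report in reports:
        groups[(root_alarm(report, alarms, window), report.service)].append(report.report_id)
    problems = []
    for (root, service), report_ids in groups.items():
        # Reports with no matching alarm stay uncorrelated and need manual diagnosis.
        accounts = impacted_accounts(root, service) if root else []
        priority = max((CUSTOMERS[a][2] for a in accounts), default=0)
        problems.append({"root": root, "service": service, "reports": report_ids,
                         "accounts": accounts, "priority": priority})
    # Highest agreed priority first, then the largest number of subscribers.
    problems.sort(key=lambda p: (p["priority"], len(p["accounts"])), reverse=True)
    return problems


# Constructed sample input: the node-11 alarm is a consequence of the hub-1 alarm.
SAMPLE_ALARMS = [ComponentAlarm("hub-1", 1000), ComponentAlarm("node-11", 1010),
                 ComponentAlarm("node-21", 5000)]
SAMPLE_REPORTS = [FaultReport("R1", "HSD", "node-11", 1060),
                  FaultReport("R2", "HSD", "node-12", 1100),
                  FaultReport("R3", "HSD", "node-21", 5100),
                  FaultReport("R4", "VOD", "node-21", 9000)]

if __name__ == "__main__":
    for problem in correlate(SAMPLE_REPORTS, SAMPLE_ALARMS):
        print(problem)
```
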

[0419] It is intended in embodiments of the present invention that a network operator, such as a cable operator, should be able to deal efficiently, and preferably proactively, with problems relating to access loss, performance, fraud and security. Further, it is intended that the operator should be able to analyse the impact of a problem in more than one context, including preferably the impact on a service in relation to the location in a network, the subscribers (customers) affected and the nature of the impact such as lost access or limited performance. Then the operator should preferably be able to identify the equipment generating a problem, current or pending, fix the problem at the equipment level and log it for future analysis. This last may be particularly useful if the operator can use past problems in diagnosing future ones.

[0420] Embodiments of the present invention may take advantage of a particularly advantageous arrangement for launching test signals into the network. According to a further aspect of the present invention, there is provided a method of testing a broadband network, the network comprising a head end for receiving one or more communications services from service providers and transmitting the one or more services towards end user equipment, and comprising at least one node for receiving said one or more services from the head end and delivering the service(s) towards end user equipment, which method comprises launching a test signal to the network at said at least one node and monitoring a response by the network thereto.

[0421] A way of doing this is to install a personal computer, or like computing platform, in the node. The personal computer could be pre-programmed, or controlled from elsewhere, to launch the test signals. For instance, it could be controlled via the head end relevant to the node. In order to test the response of the network to something as close as possible to user signals, if the node is a node in which optical to electrical signal conversion takes place, at a cable modem termination system, the personal computer can be arranged to launch the test signals via the cable modem termination.

[0422] If there is a significant problem in the signal path used to launch one or more test signals, the same problem could affect incoming control signals to the personal computer. It is therefore particularly advantageous if the signal path used to carry control signals to the personal computer is different from the signal path used to launch one or more test signals from the personal computer. A way of providing these different paths is to launch the test signals via the cable modem termination system, which also means that the test signals closely emulate user signals such as service requests, but to carry the control signals to the personal computer without going through the cable modem termination system. Alternatively or as well, out of band signalling can be used for the control signals.

[0423] A network management system according to an embodiment of the present invention will now be described, by way of example only, with reference to the accompanying drawings (FIGS. 26 to 43):

[0424] Glossary

[0425] (The following will not necessarily be the only expansions or explanations relevant and are here to give at least one option rather than to be taken as limiting the meaning of an acronym, word or phrase in any way.)

[0426] ACL: Access Control List

[0427] CM: cable modem

[0428] CMTS: Cable Modem Termination System

[0429] CRM: Customer Relationship Management

[0430] DHCP: Dynamic Host Configuration Protocol

[0431] DLC: Data Link Control. A service provided by the Data Link Layer of a function defined in the Open Systems Interconnection (OSI) Model for network communications. The Data Link Layer has two types of sublayer, a MAC sublayer for each physical device type and a Logical Link Control sublayer.

[0432] DSL: digital subscriber loop

[0433] DTV: Digital TV

[0434] EMS: element management system

[0435] FTTH: Fibre to the Home

[0436] HFC: Hybrid Fibre Coaxial network for carrying broadband (video, data and voice). The CATV company installs fibre from the Cable Head End (distribution centre) to serving nodes near the users, then coaxial cable to the customer premises.

[0437] HSD: high speed data

[0438] Hub (see Regional networks and Hubs below): data can come in/go out in many directions. Usually includes a router, bridge or switch. May include modem cards for dial-in users, a gateway card to a LAN, and a line connection.

[0439] HTTP: HyperText Transfer Protocol

[0440] IDS: Intrusion Detection System

[0441] IDSL: Integrated Digital Subscriber Line. Can be flat rate without usage charges. It bypasses the voice network by plugging into a special router at the phone company end.

[0442] IEMS: Intelligent Element Management System

[0443] IMAP: Internet Message Access Protocol. For accessing e-mail from a local server. The user can decide when and what should be downloaded. Cf POP3 (Post Office Protocol) in which everything is downloaded at once.

[0444] IP: Internet Protocol

[0445] ISM: Internet Service Monitor by Netcool

[0446] KMS: knowledge management system

[0447] LDAP: Lightweight Directory Access Protocol. Enables anyone to locate organisations, files, devices etc in a network.

[0448] MAC address: Media Access Control address. The unique hardware number of a device. In an Ethernet, it is the Ethernet address. In the Internet, a correspondence table relates the IP (Internet Protocol) address to a physical device address on a LAN.

[0449] MOM: Manager of Managers

[0450] MRTG: Multi Router Traffic Grapher. A tool which monitors traffic load on network links. It generates live representation by means of HTML pages containing GIF images. Available under GNU public licence.

[0451] NHE: Network Head End

[0452] PCS: Personal Communications Services

[0453] Regional networks and Hubs: these can carry digital multiplexes of entertainment video, high speed connections with the Internet and local servers via cable modems, commercial enterprise LANs/WANs, PCS over cable and telemetry, as well as traditional analogue TV. Typical architecture is the head end, where all the signal sources are collected and processed, distributing over a backbone to primary hubs which in turn distribute to secondary hubs which in turn distribute to fibre nodes. Everything between the head end and the fibre node is carried on fibre. The fibre nodes convert to RF and send signals onto coaxial cable to the users. The head ends and hubs will also distribute to their local vicinities.

[0454] Scope: in DHCP, a pool of IP addresses which the DHCP server can assign or lease to clients.

[0455] Segmentation: a network design approach using routers, switches and bridges to keep traffic levels down in a network. A router, switch or bridge provides an access point controlling traffic into and out of a segment of network. Traffic is only sent into the segment containing the destination of the traffic and won't be sent out of a segment if it is already in the segment containing its destination. Broadcast traffic may be blocked from a segment as a default behaviour of a router unless the router has for instance explicit instruction to pass broadcast traffic into the segment. Traffic in practice tends to be locally addressed. With segmentation, less traffic goes out onto the backbone and thus collisions are reduced. Segmentation reduces the number of users sharing the bandwidth since, within a segment, all users share the bandwidth and the smaller the segment the fewer the users sharing. It therefore increases available bandwidth to each user. It can also extend Ethernet cabling distances because the beginning point for the maximum cabling distance is reestablished.

[0456] SMTP: Simple Mail Transfer Protocol

[0457] STB: Set Top Box

[0458] Telnet: user command and underlying TCP/IP protocol for accessing remote computers with permission. HTTP and FTP can be used to request files but not to logon. With Telnet, a user can log on like a regular user with privileges of the relevant application and data on that computer.

[0459] UBR: unspecified bit rate? For efficient, shared use of capacity.

[0460] VOD: Video on Demand

[0461] WLL: Wireless Local Loop

[0462] Referring to FIG. 26, a cable network operator may use several different access networks 2702 to support multiple services 2704 for delivery to multiple types of Customer Premises Equipment (CPE) 2706. To do that, it is necessary to manage behaviour of the components of the network, particularly to monitor for alarms, and it is known to run an Element Management System (EMS) 2708 to do that, such as Hewlett Packard's OpenView or BMC Patrol. At this level, it is also known to run an intrusion detection system and a network performance monitoring system such as Multi Router Traffic Grapher, available under GNU public licence.

[0463] All the data output from the EMS is collected for processing by a Manager of Managers (MOM) 2710 such as Micromuse Netcool and aspects of the processed data may be made available to various users of the system who may be in the Network Operations Centre 2712 or the Customer Operations Centre 2714. There will usually be two types of user in the Customer Operations Centre 2714, a service operator and a customer service manager. Hence overall, aspects of the processed data may be required for presentation at three different Graphical User Interfaces (GUIs), a network operator GUI 2716, a service operator GUI 2718 and a customer services GUI 2720.

[0464] Importantly in embodiments of the present invention there is also an Intelligent Element Management System (IEMS) 2722 and it is this which provides a fully integrated management system which has powerful analysis capabilities across all levels of service provision to the end user, for use at three different levels, the network, the services and the customer interface. That is, the IEMS 2722 provides in a unique package the complete set of functionalities which are needed to manage a full network.

[0465] Referring to FIGS. 26 and 27, the IEMS 2722 provides the following aspects:

[0466] fault processing based on the services 2704 supported so that subscribed services can be kept up and running

[0467] subscriber oriented information processing and provision, which is obviously important since subscriber satisfaction is always a major priority of the service provider

[0468] all-in-one product supporting the complete set of functionalities which are needed to manage a full network

[0469] an integrated and powerful knowledge management system 2706, which can be provided with a complete set of relevant content

[0470] a multi-use/multi-purpose GUI, remotely accessible over low bandwidth links and offering relevant views for the Network Operator Console 2716, the Service Operator Console 2718 and the Customer Operator Console 2720

[0471] powerful correlation which can be used to analyse service failure to provide an impacted subscribers list and details, information on the network components involved in the failure and, due to a second level of correlation, to extract the root component alarm(s)

[0472] a complete set of tools 2802, adapted to user type and including service, customer and network related tools

[0473] adaptation to multiple services 2704 and multiple access networks 2702

[0474] The example of an embodiment of the present invention described below is designed particularly to support high speed data services on a HFC network. For the cable operator, this means providing always-on connection with performance parameters to meet the contractual aspects signed with the subscriber. Because of the always-on connection, it is also particularly important to prevent fraud, such as a non-subscriber trying to get a free connection, and security violations such as hacking. It is intended in embodiments of the present invention to support the cable operator to do at least one and preferably all of the following in the event of a problem:

[0475] Identify the global impact on Service in terms of

[0476] Where (which segment, which hub, which regional head end, ...)

[0477] Who are the subscribers impacted (list)

[0478] What is the detailed impact (no access, limited performance, ...)

[0479] Identify the equipment(s) (hardware, software, link) which has generated the service problem (current or predicted)

[0480] Find and validate a solution to the problem

[0481] Log the problem for further analysis

[0482] Referring to FIG. 28, the IEMS comprises inputs for network alarm data via a database 2902 and more service-specific monitoring data via service simulation data processing software 2904, a powerful knowledge management system 2906 for use in generating corrective solutions to problems and a correlation engine 2908 for analysing alarms to the root component level. Supporting these is a database 2910 holding for example the rules for the correlation engine 2908 and data supporting the knowledge management system 2906. The service simulation data processing software 2904, receiving service data via probes 2912 in response to service activity triggered by simulators embedded in the equipment being monitored, is particularly powerful in that it can be used to test services proactively, and to validate corrective solutions, by simulating instances of services, as a user might trigger in normal use, and detecting service level responses via the probes 2912. Use of the simulators can also produce network alarm data in the same manner as normal use of the network and services.

[0483] The following description firstly describes a network environment for providing High Speed Data services to an end user, to put embodiments of the present invention into a working context, and then takes the above areas and describes them in more detail.

[0484] Network Environment as Working Context

[0485] Referring to FIG. 42, a typical regional network for providing broadband services will comprise a regional head end 4302 which receives services from Internet Service Provider equipment 4304 over a core network 4306. The regional head end 4302 transmits services in connection with identified locations in its regional network over a collection network 4308 to a plurality of hubs 4310. These hubs 4310 contain routing devices 4312 which route the services towards the end user equipment 4314.

[0486] A management network 4316 is provided for monitoring and controlling the network and service platform used to support service provision. The management network 4316 is used in particular to pick up alarms and event data in respect of the network and services and to transport it to an operations centre, in the case shown in FIG. 42 to the High Speed Data service and network operations centre 4318. In the operations centre 4318, it is input to an intelligent management system 4320 where it is processed in the light of network and service data, and in particular with reference to the knowledge management system 2906 and the correlation engine 2908. Once the alarm and event data has been processed, the results can be stored in a database of the management system 2902 and viewed via Graphical User Interfaces (GUIs) by users of different categories. In particular these GUIs will be dedicated to a network operator 2716, a service operator 2718 and a customer relations operator 2720.

[0487] The intelligent management system 4320 primarily comprises the software processes needed to process the incoming alarm and service data. It needs to call on data such as correlation rules for the correlation engine 2908, and data to support the knowledge management system 2706. This data can be stored on any accessible database, preferably local, and can conveniently be stored on the network resource database 4322 and/or the provisioning database 4324 of the operation centre 4318.

[0488] Network Alarm Data

[0489] Referring to FIG. 28, looking first at the collection and processing of network alarm data, the Netcool ObjectServer 2902 integrates and consolidates alarms coming from network equipment 2918 via a set of probes 2922. For each piece of network equipment 2918, including servers, the tools from the EMS layer 2708 will detect a range of alarms. For the purpose of the IEMS, particular data content of these alarms is appropriate. The probes 2922 are used here effectively as filters which select the types of alarms which are appropriate to the IEMS and input them to the Netcool ObjectServer 2902.

[0490] At least the following pieces of network equipment 2918 can be monitored:

[0491] CMTS (MC16 card)

[0492] Unspecified Bit Rate (UBR) Router

[0493] Catalyst™ (Cisco router)

[0494] NT Operating System

[0495] Solaris Operating System

[0496] DHCP servers (CNR)

[0497] LDAP servers

[0498] Oracle Database Server

[0499] Back-end Provisioning Server

[0500] The network monitors 2920 are of known type and may comprise for instance the following:

[0501] Hewlett-Packard OpenView: a set of products such as a Network Node Manager which provide event correlation, thresholding and alarming;

[0502] BMC Patrol: a set of products by BMC Software which include for instance a central point of control for applications, computers, LANs, WANs and communications devices;

[0503] Chetah: a network management tool for HFC networks

[0504] Intrusion Detection Systems: these are systems which run continuously on a network and produce alerts for system and network administrators of potential illegal access to the network or host;

[0505] SATAN and SAINT tools: a Security Administrator's Tool for Analysing Networks and the Security Administrator's Integrated Network Tool which improve the security of a network by trying to break into it, available under a GNU public licence;

[0506] Performance monitoring tools; these measure performance in terms of response times or loading. An example of a performance monitoring tool is the Multi-Router Traffic Grapher, available under a GNU public licence, which monitors traffic load on network links and generates HTML pages containing GIF images to give live representation.

[0507] Alarms detected by the tools 2920 are selected by the probes 2922 for input to the Netcool ObjectServer 2902. The particular alarm types may be in relation to the following:

[0508] Availability (hardware or software)

[0509] Servers (including operating system processes, application processes and the like)

[0510] Network devices

[0511] Security

[0512] Some critical servers are security hardened so that some services such as Telnet for instance are not available, and alarms arise if security is not maintained

[0513] Access Control Layer (ACL) violation

[0514] Firewall down

[0515] Performance

[0516] Central Processing Units (CPU)

[0517] Random Access Memory (RAM)

[0518] Bandwidth and traffic

[0519] Cable Modem Termination System

[0520] Fraud

[0521] The MAC addresses of Customer Premises Equipment (CPE) for invalid (unsubscribed) users are identified. A “diff-file” between LDAP repository and SMS database is built, and an appropriate alarm is generated for invalid MAC addresses

[0522] Change configuration

[0523] In network equipment

[0524] In servers
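The fraud check in [0521], as an added example that is not part of the patent: MAC notations are normalised before the diff so that formatting differences between the two sources do not raise false alarms. The record layouts, the `status` field, the severity value and all sample data are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timezone

_SEPARATORS = re.compile(r"[:\-.\s]")
_HEX12 = re.compile(r"[0-9a-f]{12}")


def normalize_mac(raw):
    """Return a MAC as lower-case aa:bb:cc:dd:ee:ff, or None if malformed.

    Accepts colon, dash, dotted (0200.00aa.bb02) and bare-hex notations.
    """
    digits = _SEPARATORS.sub("", raw.strip().lower())
    if not _HEX12.fullmatch(digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def build_diff(ldap_entries, sms_records):
    """Build the "diff-file": MACs known to LDAP without an active subscription.

    Returns (invalid, malformed) where invalid maps MAC -> location and
    malformed lists raw values that could not be parsed from either source.
    """
    malformed = []
    subscribed = set()
    for rec in sms_records:
        mac = normalize_mac(rec["mac"])
        if mac is None:
            malformed.append(rec["mac"])
        elif rec.get("status") == "active":  # assumed field and value
            subscribed.add(mac)

    invalid = {}
    for entry in ldap_entries:
        mac = normalize_mac(entry["mac"])
        if mac is None:
            malformed.append(entry["mac"])
        elif mac not in subscribed:
            invalid[mac] = entry["location"]
    return invalid, malformed


def fraud_alarms(invalid, now=None):
    """Turn each invalid MAC into an alarm carrying the attributes the page
    lists for alarms (type, severity, location, date/time, description)."""
    now = now or datetime.now(timezone.utc)
    return [
        {
            "type": "fraud",
            "severity": "major",  # assumed severity scale
            "location": location,
            "datetime": now.isoformat(),
            "description": (
                f"CPE MAC {mac} is present in LDAP but has no active "
                "subscription in SMS"
            ),
        }
        for mac, location in sorted(invalid.items())
    ]


# Constructed sample data (locally administered MACs, hypothetical hubs).
LDAP_SAMPLE = [
    {"mac": "02:00:00:AA:BB:01", "location": "HUB-A"},
    {"mac": "0200.00aa.bb02", "location": "HUB-A"},
    {"mac": "02-00-00-AA-BB-03", "location": "HUB-B"},
    {"mac": "020000aabb04", "location": "HUB-B"},
    {"mac": "02:00:00:AA:BB", "location": "HUB-B"},  # truncated entry
]
SMS_SAMPLE = [
    {"mac": "020000AABB01", "subscriber_id": "S-1001", "status": "active"},
    {"mac": "02:00:00:aa:bb:02", "subscriber_id": "S-1002", "status": "cancelled"},
    {"mac": "02:00:00:aa:bb:04", "subscriber_id": "S-1004", "status": "active"},
]

if __name__ == "__main__":
    invalid, malformed = build_diff(LDAP_SAMPLE, SMS_SAMPLE)
    for alarm in fraud_alarms(invalid):
        print(alarm["location"], alarm["description"])
    print("unparseable entries:", malformed)
```

Malformed entries are reported separately rather than alarmed as fraud, since a data-quality problem in either source would otherwise hide or fabricate invalid MAC addresses.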

[0525] The network alarm data is stored for the IEMS in a database 2902 which does some processing of received alarm data. The database 2902 used in this embodiment is the Micromuse Netcool ObjectServer which maintains an overview of events and processes them to the extent that they can be grouped according to the services they potentially impact.

[0526] Service Monitoring Data

[0527] Referring to FIGS. 28, 29 and 42, as well as the collection of network alarm data, service-specific data is collected for each service type. Importantly, service data is picked up by the service simulator probes 2912 in response to activity triggered by service simulators 3002, 4326, 4328 which are installed at relevant sites in a network environment. The data collected is then processed and stored by service simulation data processing software 2904 for the IEMS system.

[0528] To put the use of service simulators 3002, 4326, 4328 and monitors into context, the following describes the collection of data for a High Speed Data (HSD) service run over a regional network as shown in FIG. 42.

[0529] There are three types of simulator 3002, 4326, 4328 in the embodiment presently described, installed in different locations of the HSD network.

[0530] A first type of simulator 4326 is provided by the known Internet Service Monitor (ISM) produced by Micromuse Netcool, in the regional head end 4302 to monitor links for the ten most popular Web sites (to be defined in setup), the IMAP and LDAP based services, and POP3/SMTP e-mail services, and in the hub 4310 to monitor DHCP based services.

[0531] A second type of simulator 3002, the HSD service simulator, is installed using a personal computer (PC) in the hub 4310 to test the “last mile” on all segments of the hub 4310. This PC is connected on the cable side of a cable modem termination system 3004 in the manner of end user equipment. The PC is operated periodically to check a set of functionalities. The operations carried out by means of this PC include at least:

[0532] Reboot the PC and test provisioning access

[0533] Send an HTTP request to the provisioning server

[0534] Send HTTP requests to some popular Web servers to test access and response times

[0535] Attempt to use Telnet access to hardened servers

[0536] A third type of simulator 4328 is used specifically to test Telnet responses. It will launch Telnet commands to different pieces of service equipment in order to test critical links. For instance, it will “ping” a DHCP server or a Web site from an unspecified bit rate connection. That is, it will issue an echo request. All Internet hosts are required to send echo replies in response to an echo request and this is a simple way of finding out if a host can be reached.

[0537] A powerful aspect of embodiments of the present invention is the link that can be made between alarms detected by the various probes 2922, 2912 and other information such as services and customers affected and root component alarms. The data content of the alarms collected by the probes 2922, 2912 is of course important in this. This data content can be used in conjunction with the knowledge management system 2906 to produce the necessary links.

[0538] EMS Database

[0539] Component Alarm Information Database

[0540] Each alarm generated has the following attributes:

[0541] IP Address

[0542] Equipment/module/port

[0543] Date/time of occurrence

[0544] Location, in particular where physically in the network (NHE, RHE, HUB)

[0545] Detailed description (in an “operator” comprehensive text)

[0546] Severity

[0547] Type of alarm (fault, performance, security, fraud, configuration change, . . . )

[0548] Actions to take/recommendations to fix the problem, for instance this might be in the form of a direct link to the right page and the right alarm in the trouble-shooting guide or the right procedure

[0549] Additional links to useful documentation

[0550] Procedures, docs, troubleshooting guide, installation guide, . . .

[0551] Engineering documentation (technical architecture, detaileddesign)

[0552] Operational procedures

[0553] Configuration files

[0554] Vendor's documents

[0555] Link to vendor's Web site

[0556] Status, such as new, deleted (TBC)

[0557] Service Alarm Information Database

[0558] Each alarm generated has the following attributes:

[0559] Type of service

[0560] Internet Access

[0561] Service Provisioning

[0562] ISP Services (such as Email . . . )

[0563] Security/fraud

[0564] Performance

[0565] Management (i.e. part of IEMS tool, like ISM, PC Simulator, . . .)

[0566] Location

[0567] Detailed description

[0568] Alarm management

[0569] New, acknowledge, update, close, delete, assign to (whom)

[0570] When the status changes, store and display date/time, name of the operator and comment

[0571] KMS

[0572] KMS Tool

[0573] KMS tool is a Web-based application allowing operators to:

[0574] Browse content

[0575] Add/Modify/Update content (according to access profile)

[0576] Search documents with a textual search engine

[0577] The KMS tool is accessible from all screens of IEMS, and also directly from a browser by typing the right URL.

[0578] KMS Content

[0579] The content of KMS is as exhaustive as possible; this is one of the major values of the IMS product. The following lists the different sources of information available for all equipment of the HSD network:

[0580] Installation procedure

[0581] Configuration guide/files

[0582] Troubleshooting guide

[0583] Maintenance manual

[0584] User manual

[0585] Operations Manuals

[0586] Engineering documents

[0587] End To End Architecture

[0588] FAQ

[0589] Glossaries

[0590] Contact lists

[0591] Vendor's URL

[0592] GUI

[0593] Functional Role

[0594] As mentioned above, there are different categories of people who are going to use IEMS and who are therefore provided with GUIs, these being users responsible for network, service and customer operations. For each type of user, there are different levels of access defined, such as basic and advanced. For instance, a skilled operator's user should be able to create rules. Navigation within the different screens is designed to be intuitive, in order to minimize the technical skills needed by users.

[0595] Service Operations GUI 2718

[0596] This GUI is fully Web-based and should be accessible through a low bandwidth link (typically 56 kbs). It shows:

[0597] Service status per service type/per location

[0598] Service outage list with % of users impacted/type of users impacted

[0599] Statistics of service outage per location/per type of service/per type of user

[0600] Planning (network bandwidth, IP Scope, System resources, . . . )

[0601] KMS: service related information

[0602] Information on location: postal address, manager's name/phone/email

[0603] Customer Operations GUI

[0604] Referring to FIGS. 30 and 31, the information that embodiments of the present invention can make available to a user in a customer operations centre 2714 clearly links problems arising at the network level with the impact on customers. Further, it links service alarms with component alarms in relation to the same part of the network. FIG. 30 shows a screen available to a service operator in the customer operations centre 2714 and FIG. 31 shows a screen available to a customer operator. FIG. 31 is simpler and has been taken first in the description below.

[0605] FIG. 31 shows a menu of potential service alarms 3202 together with indicators 3204 as to whether there is an alarm of that type ongoing. The potential service alarms 3202 include five categories of service alarm which are being monitored:

[0606] Internet access

[0607] Provisioning

[0608] ISP

[0609] Security

[0610] Management

[0611] An indicator 3204 for the provisioning service alarm is darkened, indicating a current provisioning service alarm. A user has clicked on the “Provisioning” box which has had the effect of drilling down to location information in respect of the ongoing alarm. The location information shows that there is a problem in the Manchester region of the Bromley NHE. Clicking on the Manchester region has opened up the Baguley regional head end and the Baguley hub locations as having problems in provisioning. The user has selected the Baguley regional head end in order to get further information.

[0612] Below the Service Alarms 3202 section of the screen, there is a Component Alarms section. This shows the user has drilled down to expose two component alarms 3208 relevant to the Baguley provisioning problem in the regional head end, and gives the diagnosis that the LDAP server and database are down.

[0613] The main portion 3210 of the screen is given to a “Service Alarms” screen showing management information in respect of the alarm in the Baguley regional head end for which the user has selected to drill down to the component alarms. This management information shows date, location, description, status and user impact. Importantly, the status data shows how the problem is being dealt with (it has been assigned to James Reid) and the user impact data shows what category of customer is hit by the problem. In this case 10% of gold customers, 22% of silver customers and 43% of bronze customers are affected.

[0614] Referring to FIG. 30, the service operator has access to much more detailed information by pulling in data using the KMS 2906. Here, the user has selected an “Alarm Detail” screen in place of the “Service Alarms” screen. This has three sections. Firstly, in a “Service” 3102 section of the screen, there is similar information to that shown to the customer operator on the “Service Alarms” screen described above, except that there is also now an estimated correction time of 25 minutes. Secondly, in a “Description” 3104 section of the screen, there is information about the impact and importance of the problem. In the example in FIG. 30, customers are unable to do any provisioning and the problem is said to be critical with immediate action required. Thirdly and importantly, in an “Action” 3106 section of the screen, the identified component alarms likely to be causing the problem are offered as links to a search engine for searching for information using the knowledge management system 2906 about these component alarms.

[0615] It can be seen from the right hand section 3108 of this screen, dedicated to the KMS 2906, that the search engine has already been launched in respect of the component alarms listed in the “Action” 3106 section of the screen to offer five sources of information relevant to correcting the problems, from the provisioning detailed design through to the Baguley Hub Rack layout. This is a powerful aspect of embodiments of the present invention in that targeted data from so many sources can be accessed.

[0616] This GUI is Web-based and therefore accessible through a low bandwidth link.

[0617] The primary types of information given which are accessible via the Customer Operations Centre 2714 are:

[0618] Service status per service type/per location

[0619] Service outage list with % of users impacted/type of users impacted

[0620] Statistics of service outage per location/per type of service/per type of user

[0621] KMS with custom operations information, such as FAQ, etc.

[0622] CPE manager (see “Tools”)

[0623] Network Operations GUI 2716

[0624] Referring to FIGS. 32, 33 and 34, a network operator, usually working in the network operations centre 2712, has access to the full set of functionalities described above in relation to FIGS. 30 and 31 together with additional capabilities. These are accessible via the following:

[0625] Location explorer

[0626] Alarm explorer

[0627] Full KMS access (service and component related information)

[0628] Full set of tools

[0629] Rules editor

[0630] This GUI 2716 is not necessarily fully Web-based.

[0631] FIGS. 32 and 33 show two screens in particular giving the network operator information on equipment at two different levels. FIG. 32 shows the Location Explorer screen for equipment located at the Baguley regional head end and FIG. 33 shows the Equipment Explorer screen for a route connecting London to Newcastle. FIG. 34 shows the overall layout of the Location and Equipment screens. This is that the user has a selectable list 3302 of Locations and/or Equipment to the left, a central view of the relevant geographic or architectural layout 3304 of network equipment and KMS access 3306 to the right. A way the user can interact with these views is via a set of pulldown menus 3308 at the top and further detail of these pulldown menus is as follows:

[0632] Menu detail:

[0633] File

[0634] Login

[0635] Logout

[0636] Quit

[0637] View

[0638] Alarm Explorer

[0639] KMS (y/n)

[0640] Location

[0641] All

[0642] Regional

[0643] Report

[0644] Summary

[0645] By location

[0646] By service

[0647] By users

[0648] Tools

[0649] Telnet

[0650] MRTG

[0651] KMS

[0652] IP Address management

[0653] IP provisioning query

[0654] DHCP LOG

[0655] BMC Patrol

[0656] HP OpenView

[0657] Settings

[0658] KMS setup

[0659] Inventory setup

[0660] Correlation setup

[0661] Graphics setup

[0662] Select Mode

[0663] Create Link Mode

[0664] Save Geometry

[0665] Help

[0666] About

[0667] Location Explorer Help

[0668] The Alarm Explorer screens available to service and customer operations in the Customer Operations Centre 2714 are described with reference to FIGS. 30 and 31 above. However, the Alarm Explorer screens available to the network operator in the Network Operations Centre 2712 and their associated navigation menus give access to different content.

[0669] FIG. 35 shows an alarm list for a user selection from a list of all alarm types 3602. The user has selected to get further information on ongoing alarms associated with the Baguley hub and status information 3604 is shown for two alarms affecting the hub, “LDAP server down” and “LDAP database down”. The status information is that both of these have been assigned.

[0670] FIG. 36 shows the Alarm Explorer screen for tracing component alarms 3702 relevant to ongoing service alarms 3704. In this case, the network operator has selected the Baguley regional head end and the service alarm associated with the Baguley regional head end is shown to be related to the same two component alarms as the Baguley hub, “LDAP server down” and “LDAP database down”. The network operator has selected one of these, “LDAP server down”, for Alarm Detail. In a manner equivalent to the Alarm Explorer capability for the service operator, shown in FIG. 30, the Alarm Detail section 3706 has brought up comments on the component involved, a description of the problem and action to take. A search has been run using the KMS 2906 to bring up related documentation in the KMS portion 3708 of the screen.

[0671] FIG. 37 shows the overall layout of the Alarm screens of FIGS. 35 and 36. This is that the user has a selectable list of Service Alarms 3802 and a selectable list of Component Alarms 3804 to the left, a central view of the relevant Alarm List or Alarm Detail 3806 and KMS access 3808 to the right. A way the user can interact with these views is again via a set of pulldown menus 3810 at the top and further detail of these pulldown menus is as follows:

[0672] Menu detail:

[0673] File

[0674] Login

[0675] Logout

[0676] Quit

[0677] View

[0678] Location Explorer

[0679] KMS (y/n)

[0680] Sort alarm list

[0681] By nb user impacted

[0682] By service impacted

[0683] By location

[0684] Correlate

[0685] Find root alarms

[0686] Tools

[0687] Telnet

[0688] MRTG

[0689] KMS

[0690] Re-segmentation

[0691] IP Address management

[0692] IP provisioning query

[0693] DHCP LOG

[0694] BMC Patrol

[0695] HP OpenView

[0696] Settings

[0697] KMS setup

[0698] Inventory setup

[0699] Correlation setup

[0700] Others

[0701] Help

[0702] About

[0703] Alarm Explorer Help

[0704] In the above, correlation and sorting mechanisms are mentioned. These are both further discussed below.

[0705] It is possible for a user to run the KMS 2906 directly to locate information in the documentation available to the KMS. FIGS. 38 to 41 show example screens and the content of the navigation menus in this respect.

[0706] Menu detail:

[0707] Documentation

[0708] Vendor manual

[0709] Engineering documents

[0710] Platform Administration

[0711] Procedures

[0712] Configuration files

[0713] Equipment

[0714] Inventory

[0715] Equipment types

[0716] Links

[0717] Software

[0718] Inventory

[0719] Software types

[0720] Links

[0721] Fault Monitoring

[0722] Component alarm classes

[0723] Service alarm classes

[0724] Services

[0725] Impact

[0726] Contacts

[0727] People

[0728] Sites

[0729] Companies

[0730] KMS Administration

[0731] Users administration

[0732] Other tables

[0733] SQL requests

[0734] HELP

[0735] About

[0736] KMS Help

[0737] Correlation and Sorting

[0738] From the Alarm Explorer screen, and referring back to FIG. 28, a user can launch a correlation engine 2908 by choosing an appropriate menu. The goals of correlation in embodiments of the present invention are (depending on the user) to link a service alarm or a location either to impacted subscribers or to associated components. Linking to impacted subscribers can be used to give a measure of the importance of the problem and linking it to associated components can be used to put the problem right. The identification of impacted subscribers might be done in more than one way. Three examples are to:

[0739] select all subscribers associated with a location by reviewing a list of customer premises equipment MAC addresses mapped to the location

[0740] select some of the above subscribers according to a further selection criterion

[0741] run an IP address management application which provides details on subscribers impacted

[0742] The identification of associated components might also be done in more than one way. Two examples are to:

[0743] generate a full list

[0744] use correlation rules to find and display only root component alarms

[0745] Once the impacted subscribers and the associated components have been identified, it is possible to sort them in various ways. For instance, the type of service affected can be sorted against location, against the number of subscribers impacted or against the type of subscribers impacted. For instance the types of subscribers might be coded as VIP, gold and the like.
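One way to implement the correlation and sorting described in [0738] to [0745], as an added example that is not the patent's own code. The (symptom, cause) rule format, the field names, the hub names and all sample data are assumptions constructed for illustration; the rules are assumed to be acyclic.

```python
from collections import Counter

# Constructed correlation rules: (symptom, cause). A symptom alarm is not a
# root alarm while its cause is active at the same location.
RULES = [
    ("LDAP database down", "LDAP server down"),
    ("DHCP timeout", "CMTS card down"),
]

# Constructed inventory: CPE MAC addresses mapped to a location, and the
# subscriber record behind each MAC.
CPE_BY_LOCATION = {
    "HUB-1": ["02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"],
    "RHE-1": ["02:00:00:00:00:04"],
}
SUBSCRIBERS = {
    "02:00:00:00:00:01": {"id": "S-1", "type": "gold"},
    "02:00:00:00:00:02": {"id": "S-2", "type": "bronze"},
    "02:00:00:00:00:03": {"id": "S-3", "type": "bronze"},
    "02:00:00:00:00:04": {"id": "S-4", "type": "silver"},
}
COMPONENT_ALARMS = [
    {"location": "HUB-1", "description": "LDAP database down"},
    {"location": "HUB-1", "description": "LDAP server down"},
    {"location": "RHE-1", "description": "LDAP database down"},
]
SERVICE_ALARMS = [
    {"service": "Service Provisioning", "location": "RHE-1"},
    {"service": "Internet Access", "location": "HUB-1"},
]


def root_alarms(component_alarms, rules):
    """Keep only alarms that no active alarm at the same location explains."""
    active = {(a["location"], a["description"]) for a in component_alarms}
    causes = {}
    for symptom, cause in rules:
        causes.setdefault(symptom, set()).add(cause)
    roots = []
    for alarm in component_alarms:
        explained = any(
            (alarm["location"], cause) in active
            for cause in causes.get(alarm["description"], ())
        )
        if not explained:
            roots.append(alarm)
    return roots


def impacted_subscribers(location, cpe_by_location, subscribers, criterion=None):
    """Subscribers whose CPE MAC is mapped to the location, optionally
    narrowed by a further selection criterion (a predicate on the record)."""
    hit = [
        subscribers[mac]
        for mac in cpe_by_location.get(location, [])
        if mac in subscribers  # MACs without a subscriber record are skipped
    ]
    if criterion is not None:
        hit = [s for s in hit if criterion(s)]
    return hit


def correlate(service_alarms, component_alarms, rules, cpe_by_location, subscribers):
    """Link each service alarm to root component alarms and impacted
    subscribers, then sort by number of subscribers impacted (largest first)."""
    report = []
    for sa in service_alarms:
        loc = sa["location"]
        local = [c for c in component_alarms if c["location"] == loc]
        hit = impacted_subscribers(loc, cpe_by_location, subscribers)
        report.append({
            "service": sa["service"],
            "location": loc,
            "roots": [c["description"] for c in root_alarms(local, rules)],
            "users_impacted": len(hit),
            "by_type": dict(Counter(s["type"] for s in hit)),
        })
    report.sort(key=lambda r: r["users_impacted"], reverse=True)
    return report


if __name__ == "__main__":
    for row in correlate(SERVICE_ALARMS, COMPONENT_ALARMS, RULES,
                         CPE_BY_LOCATION, SUBSCRIBERS):
        print(row)
```

The same alarm class can be a symptom at one location and a root at another: in the constructed data, the database alarm at RHE-1 stays a root because its assumed cause is not active there.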

[0746] Defining Rules

[0747] The rules for reporting are preferably stored in a database and preferably viewable and modifiable by means of a graphical user interface. A conventional expert system may be employed to manage and update the rules. Some rules may be general rules and others may be tailored to a particular environment.

[0748] Trouble Reporter

[0749] Referring again to FIG. 28, another Web-based application which can be provided in embodiments of the present invention, and will be accessible to users via the network operations GUI 2716 and the service operations GUI 2718, is a trouble reporter 2916. This can provide service-related statistics for use for example in managing service level agreements. Useful data in this respect can be accumulated by day, week or month on the following:

[0750] service impacted

[0751] number of alarms

[0752] localisation

[0753] severity

[0754] subscribers impacted in terms of number and/or type

[0755] start/end date/time

[0756] Other statistics which might be desirable via the trouble reporter 2916 are the identification of recurring failures, mean time to repair, percentage availability and the like.

[0757] A series of tools 2802 may be supplied in embodiments of the present invention which can be run separately by means of the GUIs but which might also support the main functions concerned with alarm and service analysis. These tools can provide a very rounded and flexible approach to service management in a complex network environment.

[0758] A first of these tools 2802 for instance might be an IP address management tool which allows a number of address aspects to be reviewed as follows:

[0759] Checking an IP address by selecting a subscriber's IP address and then—

[0760] the MAC address of the subscriber's device

[0761] MAC address and IP address of associated cable modem (if MAC address is different)

[0762] Associated DHCP server IP address

[0763] Associated CMTS IP address

[0764] Associated LDAP IP address

[0765] Subscriber's details (i.e., name, address, credit status . . . )

[0766] List of services used (HSD Gold, . . . )

[0767] Checking an IP address by selecting an infrastructure IP address and then—

[0768] Equipment name

[0769] Equipment location

[0770] List of software running on it (if appropriate)

[0771] (Optional) Details of software (e.g., login, password, . . . )

[0772] (Optional) List of related equipments (if appropriate—e.g., CMTS-uBR)

[0773] Additionally, this tool can be used to return statistics on the utilisation of IP address scopes on a DHCP server basis. For each server the application returns the list of managed scopes. For each scope the application returns:

[0774] Scope name

[0775] Scope range

[0776] Private/public

[0777] Scope utilisation

[0778] Associated DHCP server IP address

[0779] Associated CMTS IP address

[0780] Time of last update (i.e., the last time the statistics were gathered)

[0781] Lastly, this tool can be used to display a list of equipment, in terms of name, type and IP address, sorted by location.

[0782] Another of the tools 2802 might be used to launch a Telnet session with specified equipment.

[0783] A DHCP server tool can be arranged to parse the DHCP log file from CNR servers in order to extract useful information such as failure of a cable modem provisioning process, and/or to automate a progressive re-provisioning process in case of outage of a complete part of the network in order to avoid flooding the DHCP servers.

[0784] A CPE manager tool can be dedicated to address a specific subscriber or end-user request:

[0785] Find out the status of a cable modem, from an IP address or a subscriber ID (in relation with the IP Provisioning Database)

[0786] Check status of the associated HSD Service Simulator (same HUB/same segment as the subscriber), and compare it to the subscriber's problem

[0787] Associate subscriber with a current service outage

[0788] Reboot subscriber's cable modem, change/update service class (gold/Silver/Bronze), IP filters

[0789] Monitor performance

[0790] A maintenance forecast tool can be dedicated to send messages/postal mails/ . . . to customers when a forecasted maintenance operation will have an impact on a specific service impacting them.

[0791] A resegmentation tool can process performance warnings (e.g. available bandwidth in a CMTS card) to propose resegmentation options.

[0792] In FIG. 42 described above, an embodiment of the present invention is shown for the environment in which a global infrastructure provider controls the end to end network, up to the Internet Service Provider's platform. In FIG. 43, the equivalent arrangement is shown where the service provider uses an embodiment of the present invention to control the ISP part of network, but is also able to use the HSD simulator 4402 installed within the hubs of the infrastructure provider.

[0793] In summary, the communications network management system is herein disclosed which can assist identification and rectification of faults on a network, particularly a broadband access network, leading to more effective service provision.

[0794] Further Details of a Knowledge Management System

[0795] As discussed above, the CNMS may be implemented in conjunction with a Knowledge Management System (KMS). Further details of one embodiment of a KMS which may be implemented in conjunction with the methods and systems described herein, or as an independent entity, are outlined below. This embodiment is described by way of example only and is not intended to be limiting in any way.

[0796] The KMS tool may be implemented as a web-based application that allows you to instantly access a variety of documents pertaining to your network equipment and to retrieve context sensitive help relating to component and service alarms.

[0797] The Knowledge Management System 4802 can be integrated with Imagine Service Emulation Agent (ISEA) modules, such as the Cable Modem Manager 4804 and Set Top Box Manager 4806, embodiments of which are described in more detail below, in a distributed system to simulate a subscriber access to Internet Service as shown in FIG. 47.

[0798] The following are non-limiting examples of functions and associated method steps which may be performed using a KMS application:

[0799] The Knowledge Management System may display a list of documents based on user input. This may be implemented as described below:

[0800] After selecting the type of document from the available options, for example vendor manual, engineering documents or procedures, a Document Selection display mode allows a user input corresponding to that type of document. Search criteria to apply can be chosen by selecting items from list boxes. If it is not desired to specify a particular type of equipment, type of software, or company name, then “All” can be chosen from the menu. This choice indicates that no specific selection has been made and provides a view of all documents corresponding to the remaining search criteria for all available types of equipment, software and company names. If the exact reference for the document required is not known, it is possible to look for information according to subject. The following common information fields may be used:

[0801] Title

[0802] Author

[0803] Description

[0804] Equipment Type

[0805] Software Type

[0806] Company

[0807] The KMS screen may display a list of candidate documents from which a user can select.

[0808] The Knowledge Management System may also display detailed information for a selected document. Detailed information about all the documents found that correspond to inputted search criteria may be displayed. Each document may be viewed in turn. Details may include the author of the document, a description of the document, file format, version, and the document URL.

[0809] The Knowledge Management System further allows the management of documents according to user rights. User rights may be used to define what actions a user will be able to take within the KMS tool. Possible actions include:

[0810] Adding a new document.

[0811] Updating the detailed information for a document

[0812] Deleting a document.

[0813] The KMS may further allow the contents of a document to be viewed. It may be possible to view the contents of a document from the Document Details display mode by clicking on the document URL.

[0814] The KMS may be operated via a Graphical User Interface architecture as shown in FIG. 48.

[0815] An Imagine Service Emulation Agent (ISEA)

[0816] The principles and methods described herein may be implemented in conjunction with an Imagine Service Emulation Agent (ISEA). An ISEA for a High Speed Data (HSD) service system may be implemented as a standalone system and may be dedicated to monitor end-user High Speed Data Services, enabling remote diagnosis and reducing lead-time for problem resolution. This application is described by way of example only and is not intended to be limiting in any way.

[0817] According to the present embodiment, the ISEA is located on the “last-mile” access network (typically one agent per HUB). Features provided may include some or all of the following:

[0818] Sophisticated, permanently-running scenarios to simulate extensive HSD end user activity:

[0819] Provisioning process

[0820] Internet access

[0821] ISP access

[0822] Security checks

[0823] Configuration of scenarios through scripting language (e.g. XML).

[0824] Logging of service outages to local files.

[0825] Integrated Web Server for Service Alarms Monitoring.

[0826] Specific check on request (Dynamic Check), to provide help on failure diagnostics.

[0827] SNMP interface to an external SNMP manager (for example, HP OV, or Spectrum)

[0828] Reporting of Service Alarms to Service Manager, part of Service Assurance Product Suite.

[0829] The emulation of services may be used to test the provisioning and quality of a number of services offered over the Communications network. Emulated services may include some or all of those listed below:

[0830] Emulation of the provisioning process may allow a number of the following features to be assessed:

[0831] Response time to get a new IP Address

[0832] DHCP renew

[0833] Alarm on timeout

[0834] Emulation of Internet access may test:

[0835] Response time to access some (e.g. 20) popular web sites

[0836] Alarm on timeout

[0837] ISP Access (E-mail, Chat, News, etc.) simulation may also be provided to test:

[0838] Simulation of Mail Send and Receive

[0839] POP/SMTP protocols

[0840] Chat/news simulation (IRC or equivalent protocols)

[0841] Response time

[0842] Alarm on timeout

[0843] Security Check

[0844] Simulation of hacker attacks may be used to test security holes, for instance:

[0845] Ping on secured servers

[0846] Open UDP/TCP sockets on secured server ports

[0847] Alarm if successful
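The security check listed above reduces to a policy assertion: ports on secured servers must not accept connections from the subscriber side, and a successful connection is the alarm condition. The following Python sketch is an added example, not code from the patent or the ISEA product; the names `ProtectedEndpoint`, `probe_tcp`, `run_security_check` and `format_alarms`, and the alarm line format, are assumptions made for illustration, and the optional `source_ip` stands in for binding the probe to the dedicated test interface.

```python
"""Added example: 'alarm if successful' check for ports that must stay closed."""
import socket
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class ProtectedEndpoint:
    """A TCP port that policy says must NOT be reachable from the test interface."""
    host: str
    port: int
    label: str  # hypothetical free-text name used in the alarm line


@dataclass(frozen=True)
class CheckResult:
    endpoint: ProtectedEndpoint
    state: str   # "open", "refused", "filtered" or "unreachable"
    alarm: bool  # True only when the connection succeeded


def probe_tcp(host: str, port: int, timeout: float = 2.0,
              source_ip: Optional[str] = None) -> str:
    """Attempt one TCP connection and classify the outcome.

    A completed handshake means the filtering in front of the server failed.
    A refusal or a timeout both mean the port is not usable from here.
    """
    source = (source_ip, 0) if source_ip else None
    try:
        with socket.create_connection((host, port), timeout=timeout,
                                      source_address=source):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # host answered with a reset: port closed
    except socket.timeout:
        return "filtered"     # no answer within the timeout: dropped en route
    except OSError:
        return "unreachable"  # no route, bad source address, and similar


def run_security_check(endpoints: List[ProtectedEndpoint], timeout: float = 2.0,
                       source_ip: Optional[str] = None) -> List[CheckResult]:
    """Probe every protected endpoint; an 'open' result raises the alarm flag."""
    results = []
    for ep in endpoints:
        state = probe_tcp(ep.host, ep.port, timeout, source_ip)
        results.append(CheckResult(ep, state, alarm=(state == "open")))
    return results


def format_alarms(results: List[CheckResult]) -> List[str]:
    """Render alarm lines suitable for a local outage log (format is assumed)."""
    return [
        f"ALARM security-check {r.endpoint.label} "
        f"{r.endpoint.host}:{r.endpoint.port} reachable"
        for r in results if r.alarm
    ]


if __name__ == "__main__":
    # Constructed demo on loopback: one listener that should not be exposed,
    # and one port that was released so that nothing is listening on it.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    exposed_port = listener.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()

    demo = [
        ProtectedEndpoint("127.0.0.1", exposed_port, "demo-exposed"),
        ProtectedEndpoint("127.0.0.1", closed_port, "demo-closed"),
    ]
    for line in format_alarms(run_security_check(demo, timeout=1.0)):
        print(line)
    listener.close()
```

Treating both "refused" and "filtered" as a pass keeps the alarm tied to the one outcome the text names, a successful connection.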

[0848] The ISEA may perform permanent monitoring and/or may implement dynamic checks on request, for example by activation through an integrated web-server.

[0849] A scenario may be defined by a number of different parameters and conditions. These may include the scenario name and/or the different locations and services with which the scenario is concerned. FIG. 55 illustrates one embodiment of scenario organization.

[0850] The ISEA may be implemented as a Java application designed to run on a Linux box. Other equivalent scripting or programming languages may also be used and may be implemented within other operating environments. In terms of hardware, in this embodiment, the box must have at least 2 NIC cards, the first one dedicated to the management (eth0) and the second one (eth1) dedicated to perform all the required tests as shown in FIG. 56.

[0851] The ISEA Architecture of the present embodiment is composed of six key components, as shown in FIG. 57:

[0852] The Imagine Service Emulator Agent Engine 5702

[0853] The Configuration 5704

[0854] The Connectivity 5706

[0855] The Protocol 5708

[0856] The Alarm Handler 5710

[0857] Communication 5712

[0858] Each of these components may be configured in two files:

[0859] The Agent file that contains:

[0860] The Agent Configuration

[0861] The Communication Configuration

[0862] The Connectivity Configuration

[0863] The Scheduler Manager Configuration

[0864] The scheduler manager file that contains:

[0865] The Alarm Handler Configuration

[0866] The Protocols Configuration

[0867] The Service Configuration

[0868] The Scenarios Configuration

[0869] The Scheduler Configuration

[0870] Configuration of the Agent may be provided by a number of modular commands, and these are typically in the form of an activation script. Preferably this script is a markup language, and more preferably XML (extensible markup language) is used. A number of XML configuration sections are shown by way of example in FIGS. 49 to 54.

[0871] With reference to FIG. 51, it should be recognized that often the protocols section must only contain protocols that will be used. It is however possible to add protocols by concatenation of the protocol section into one XML file.

[0872] A Hybrid Fiber-Coax Manager

[0873] The systems and methods described above may further be implemented in conjunction with a Hybrid Fiber-Coax Manager, a description of one embodiment of which follows below. This application is described by way of example only and is not intended to be limiting in any way.

[0874] The Imagine HFC Manager (HFC-MGR) tool may be used to provide the customer service operator with different views of the HFC network to enable remote diagnosis and to reduce lead-time for problem resolution. The resulting remote operations may increase call centre efficiency and reduce manual transfers and interventions. The Imagine HFC Manager tool may be used to help customer service operators and network operators by offering visibility of various aspects of the platform from allocation of the bandwidth and packet loss, monitoring of network interfaces such as HUB and CMTS CARD, and HFC segmentation.

[0875] FIG. 44 shows a sample HFC manager deployment. In this embodiment, the HFC manager 4502 is installed in a national data centre near a Provisioning Database. Only infrastructure elements relative to HFC Manager are shown.

[0876] According to one embodiment, the HFC Manager application can be broken down into four main functional areas:

[0877] Location/Equipment tree.

[0878] CMTS Router Management.

[0879] CMTS Card Management.

[0880] Segmentation Management.

[0881] FIG. 45 illustrates CMTS router 4604 and CMTS card 4602 relationships.

[0882] According to the present embodiment, the HFC Manager may provide the user with the following views, accessible through a drill-down geographical tree:

[0883] A global National view, showing Regions information

[0884] A Regional view (National/Regional Head-End (NHE, RHE), Hubs), showing nodes information

[0885] A node view, detailing HFC segments information

[0886] FIG. 46 shows a user interface overview.

[0887] According to one embodiment of the user interface, a user may drill down through Countries, Regions or Equipments, or obtain detailed information about CMTS routers or CMTS cards. This may be done by a user, for example, by clicking on appropriate text or icons in a user interface display.

[0888] The main window of the HFC_MGR user interface may be divided into two main parts. A “Location/Equipment Panel” may be used to display the different levels of the location tree and related equipment. An “Information Panel” may allow the display of information about HFC equipment. The system may be configured so that only HFC equipment relevant to the selection in the Location/Equipment Panel is displayed.

[0889] The “Location/Equipment Panel” may display information according to the following structure:

[0890] All Locations may be attached to the country with a hierarchical tree: Region, NHE, RHE and attached HUB. All Equipment attached to any Location. For instance all CMTS Routers attached to a HUB, then all CMTS cards attached to a CMTS Router.

[0891] If a Country, region, NHE or RHE is selected in the first (location) environment, a second (display) environment, the “Location Information Panel”, may be used to display the list of all available locations. The fields may include some or all of the following:

[0892] Location: depending on the selection in the first environment, the “Location/Equipment Panel”:

[0893] If a Country is selected, a list of regions within the country may be displayed.

[0894] If a Region is selected, a list of Regional Head Ends (RHEs), National Head Ends (NHEs) and HUBs may be displayed.

[0895] Total HP: number of “Home passed”. A “Home passed” represents the number of Cable Modems or Set-Top Boxes we can potentially connect.

[0896] Total CM-STB: number of Cable Modems or Set-Top Boxes actually connected.

[0897] Penetration: Total CM-STB as a percentage of Total HP

[0898] Bronze: number of Cable Modems or Set-Top Boxes with Bronze Quality of Service

[0899] Silver: number of Cable Modems or Set-Top Boxes with Silver Quality of Service

[0900] Gold: number of Cable Modems or Set-Top Boxes with Gold Quality of Service

[0901] If a HUB is selected in the first environment, the “Location/Equipment Panel”, the second environment, the “Location Information Panel”, may further display information on the Signal-to-Noise Ratio (SNR), downstream/upstream bandwidth, and CM for all CMTS cards in this CMTS Router. The fields may include some or all of the following:

[0902] CMTS: CMTS card identification e.g. “Cable3/0”

[0903] CMTS Router: CMTS Router path e.g. “ubr01 soph.ib.sophia.com”

[0904] SNR min: in dB, Signal to Noise Ratio. Minimal Signal/Noise ratio as perceived from this CMTS card.

[0905] SNR max: in dB, Signal to Noise Ratio. Maximal Signal/Noise ratio as perceived from this CMTS card.

[0906] Downstream bandwidth: in bits, the bandwidth of this downstream channel.

[0907] Upstream bandwidth: in bits, the bandwidth of this upstream channel.

[0908] CM number

[0909] Registered CM number

[0910] If a CMTS Router is selected, for example on the “Location/Equipment Panel” or the “Location Information Panel”, detailed information for this CMTS Router can be displayed. In this embodiment, information is displayed in two main sections; one for CMTS Router detailed information and the other for CMTS downstream/upstream data.

[0911] The information displayed in the CMTS Router Information Panel may include some or all of the following:

[0912] System Description: a text description of the entity. This value may include the full name and version identification of the system's hardware type, software operating system, and networking software.

[0913] System Up Time

[0914] Memory Daily Graph: graph of memory utilisation.

[0915] Overall CPU 0 Load: The Current Load or a Daily Graph may be displayed.

[0916] Interface FastEthernet 0/0: The current Status (e.g. UP/DOWN) may be displayed in addition to or in place of a Daily Graph of the FastEthernet 0/0 traffic.

[0917] Interface FastEthernet 1/0: The current Status (e.g. UP/DOWN) may be displayed in addition to or in place of a Daily Graph of the FastEthernet 1/0 traffic.

[0918] For all CMTS cards, downstream and upstream information can be displayed in the “CMTS Card Upstream/Downstream section”.

[0919] CMTS CARD information may also be displayed in a “CMTS Card Information Panel”, which may incorporate some or all of the following CMTS card information:

[0920] General Information may include:

[0921] Number of Cable Modems

[0922] Number of Cable Modems registered (online)

[0923] Number of Flapping Modems

[0924] Check Segmentation

[0925] CMTS CARD Downstream information, such as that below, may also be displayed:

[0926] Total bytes OUT

[0927] Total discard OUT

[0928] Traffic Analysis/Daily Graph

[0929] CMTS CARD Upstream information, such as that below, may also be displayed:

[0930] Codewords received without errors

[0931] Codewords received without correctable errors

[0932] Codewords received without uncorrectable errors

[0933] Current SNR in dB

[0934] Signal Noise Ratio Analysis/Daily Graph

[0935] Traffic Analysis/Daily Graph

[0936] Total bytes IN in Mb

[0937] Total discard IN in packets

[0938] According to one embodiment, it may also be possible to perform a segmentation audit using the HFC_MGR. The user may edit segmentation parameters and the process display shows if segmentation is needed or not. According to the present embodiment, the segmentation process uses three methods that provide three different results.

[0939] Method 1: If the total number of Cable Modems (CMs) registered on the network is greater than the edited Number Max of CM/Seg parameter, then segmentation is needed.

[0940] Method 2: If the total number of CMs registered on the network, multiplied by the Bandwidth min parameter, is greater than the Bandwidth parameter, then segmentation is needed. This means that given the available bandwidth, the pre-defined minimum QoS is not guaranteed for all the CMs.

[0941] Method 3: If the total number of CMs registered on the network, multiplied by their maximum bandwidth (defined in their configuration file) and multiplied by the Contention parameter, is greater than the Bandwidth parameter, then the segmentation is needed since, given the available bandwidth and the contention, the QoS is not guaranteed for all the CMs.

[0942] Parameters used in segmentation, some or all of which may be displayed in a “Segmentation Parameter Panel”, include:

[0943] Bandwidth in Mb: available bandwidth.

[0944] In this embodiment, there are two possible values:

[0945] 24 Mbps for USDOCSIS

[0946] 34 Mbps for EURODOCSIS

[0947] Number Max of CM/Seg: maximum number of CM (used for Method 1)

[0948] Bandwidth min in Kb/s: minimum bandwidth available for all the CMs, without regard to their QoS. (Used for Method 2)

[0949] Contention in percentage: 100% means that the bandwidth is shared between all the CMs, at the same time. (Used for Method 3).

[0950] The three results of the segmentation process can be displayed. For each of these three results, the value can be “segmentation needed” or “segmentation not needed”.

[0951] “NB CM=”: result of Method 1

[0952] “MIN=”: result of Method 2

[0953] “MAX=”: result of Method 3
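The three segmentation methods and their parameters can be carried through as one calculation. The following Python sketch is an added example, not code from the patent or the HFC Manager product; the names `SegmentationParams` and `segmentation_audit` are assumptions, as are the unit conversion (1 Mb/s taken as 1000 kb/s) and the generalisation of Method 3 to a per-modem list of maximum bandwidths, which reduces to "number of CMs multiplied by their maximum bandwidth" when all modems share one profile.

```python
"""Added example: the three-method segmentation audit on constructed inputs."""
from dataclasses import dataclass
from typing import Dict, Sequence

NEEDED = "segmentation needed"
NOT_NEEDED = "segmentation not needed"


@dataclass(frozen=True)
class SegmentationParams:
    bandwidth_mbps: int       # "Bandwidth in Mb": 24 (USDOCSIS) or 34 (EURODOCSIS)
    max_cm_per_segment: int   # "Number Max of CM/Seg" (Method 1)
    bandwidth_min_kbps: int   # "Bandwidth min in Kb/s" (Method 2)
    contention_pct: int       # "Contention in percentage" (Method 3)

    def __post_init__(self) -> None:
        if self.bandwidth_mbps <= 0:
            raise ValueError("bandwidth must be positive")
        if self.max_cm_per_segment < 0 or self.bandwidth_min_kbps < 0:
            raise ValueError("limits must not be negative")
        if not 0 <= self.contention_pct <= 100:
            raise ValueError("contention must be between 0 and 100 percent")


def segmentation_audit(params: SegmentationParams,
                       cm_max_kbps: Sequence[int]) -> Dict[str, str]:
    """Return the three displayed results, keyed as in the text.

    cm_max_kbps holds one entry per registered cable modem: the maximum
    bandwidth from that modem's configuration file, in kb/s (assumed unit).
    """
    if any(rate < 0 for rate in cm_max_kbps):
        raise ValueError("modem bandwidth must not be negative")

    registered = len(cm_max_kbps)
    available_kbps = params.bandwidth_mbps * 1000  # assumption: 1 Mb/s = 1000 kb/s

    # Method 1: more registered modems than the per-segment limit.
    method1 = registered > params.max_cm_per_segment

    # Method 2: the guaranteed minimum for every modem exceeds the channel.
    method2 = registered * params.bandwidth_min_kbps > available_kbps

    # Method 3: peak demand scaled by contention exceeds the channel.
    # Integer arithmetic (both sides multiplied by 100) avoids float rounding.
    method3 = sum(cm_max_kbps) * params.contention_pct > available_kbps * 100

    return {
        "NB CM": NEEDED if method1 else NOT_NEEDED,
        "MIN": NEEDED if method2 else NOT_NEEDED,
        "MAX": NEEDED if method3 else NOT_NEEDED,
    }


if __name__ == "__main__":
    # Constructed sample: 200 registered modems, all on a 512 kb/s profile.
    modems = [512] * 200
    for name, params in (
        ("USDOCSIS, 20% contention", SegmentationParams(24, 150, 100, 20)),
        ("USDOCSIS, 30% contention", SegmentationParams(24, 150, 100, 30)),
        ("EURODOCSIS, 30% contention", SegmentationParams(34, 150, 100, 30)),
    ):
        print(name, segmentation_audit(params, modems))
```

The constructed sample shows why the three results are reported separately: the same segment trips Method 1 on modem count alone, while Method 3 flips with the contention figure and the DOCSIS variant.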

[0954] A Cable Modem Manager

[0955] The system may also be implemented in conjunction with a Cable Modem Manager. An embodiment of the Cable Modem Manager, or Cable Modem Manager Application (CM_MGR) is described in more detail below. The CM_MGR may be implemented as part of the system described herein or may be provided independently. The features of the system described herein may be provided in combinations other than those outlined here and may be provided independently unless otherwise stated. This embodiment of the Cable Modem Manager application is described by way of example only and is not intended to be limiting in any way. Potential users of the system may be described as customers or subscribers in the following description.

[0956] The Cable Modem Manager may be implemented as a distributed web based application, and can be deployed centrally or be distributed. FIG. 23 shows an embodiment of the CM-MGR 2302 with a distributed solution incorporated into a network environment for provisioning apparatus. Other elements of the provisioning apparatus, such as the Set Top Box Manager 2304 and the Knowledge Manager 2306, are described herein and may be implemented alongside the CM_MGR 2302. In an alternative embodiment, features of the other elements may be incorporated into the CM_MGR.

[0957] The Cable Modem Manager can be integrated with Imagine Service Emulation Agent (ISEA) modules to simulate a subscriber access to Internet Service.

[0958] FIG. 24 shows the CM-MGR technical architecture overview, and how, in this embodiment, the CM-MGR application 2402 can retrieve and display information from sources including:

[0959] The ISA Database 2404, which may be used to retrieve subscriber, provisioning and services data.

[0960] The Dynamic Host Configuration Protocol (DHCP) servers 2406, which may be used to retrieve cable modem IP addresses.

[0961] The Cable Modem Termination System (CMTS) 2408 and cable modem, which may allow retrieval of cable modem data.

[0962] The ISEA 2410 (when ISEA integration is employed), which may be used to obtain detailed information concerning subscriber services.

[0963] According to the present embodiment, the Cable Modem Manager application can perform some or all of the following main functional features:

[0964] Subscriber information searching, wherein information about individual subscribers may be obtained by inputting criteria such as first name, last name, PID, MAC or IP address into a search panel. The application displays a list of subscribers that match the search criteria in a Results list.

[0965] Status Monitoring, wherein by inputting the details of a selected subscriber, the application displays detailed information about that selected subscriber. Such detailed information may include:

[0966] Subscriber Information: PID, name, address and e-mail address.

[0967] Cable modem status from the ISA database: MAC address, CMTS name, UBR name, Location and Region.

[0968] Cable modem status from the Cable Modem Termination System (CMTS): includes downstream and upstream channel information, online state, timing offset, received power, and Quality of Service (QoS) profile.

[0969] Cable modem status directly from the cable modem: serial number, software and hardware versions, and operating system.

[0970] Performance Monitoring (Polling), wherein by inputting the details of a selected subscriber and polling characteristics, the application can monitor and display performance information such as the start date, MAC address, PID and status.

[0971] Service status monitoring, whereby if ISEA Integration is employed, status of ISP, Internet, and performance can be displayed.

[0972] In this way the CM-MGR can be used as a tool to solve a number of technical problems in the field of communications networks. For example, if a subscriber has recently upgraded to a premium subscription service, but complains that service is no faster than before, then by taking the subscriber's details, the status of the subscriber's modem can be displayed at a remote location, and if necessary that modem can be remotely rebooted.

[0973] In an example where ISEA integration is employed, if a subscriber makes a complaint because of being unable to access their e-mail service, and by taking the subscriber's details and analyzing the status of the subscriber's modem the cause of the subscriber's issue is not identified, then ISEA connection can be activated and the availability of the email service to the user account can be displayed.

[0974] It will be appreciated that such an application can be used to monitor a wide variety of information associated with a communications network. Examples of status information which the present application may be used to monitor are given below. The status information may be displayed on a control terminal or apparatus to allow monitoring of the system and resolution of faults which may arise. The system may be arranged so that selected items of information may be displayed in a “Standard View” and further details may be obtained by entering an “Advanced View” for each of the frames below.

[0975] Subscriber information including the following details may be displayed in a “Subscriber Information Frame”:

[0976] Personal ID (PID)

[0977] First and Last Name

[0978] Address: street, city, zip code

[0979] E-mail

[0980] A “Cable Modem Information from Database Frame” may display information retrieved from the ISA database, including:

[0981] CM MAC address

[0982] CMTS name

[0983] UBR name

[0984] Location and Region

[0985] A “Cable Modem Status from the CMTS Frame” may display information retrieved from the Cable Modem Termination System, including:

[0986] Downstream Channel:

[0987] Identification. The Cable Modem Termination System (CMTS) identification of the downstream channel.

[0988] Frequency. The frequency of this downstream channel.

[0989] Bandwidth. The bandwidth of this downstream channel. Modulation. The modulation type associated with this downstream channel.

[0990] Interleave. The Forward Error Correction (FEC) interleaving used for this downstream channel.

[0991] Power. At the CMTS, the operational transmit power. At the CM, the received power level.

[0992] Upstream Channel:

[0993] Identification: this may comprise a unique value, greater than zero, for each interface. In one embodiment, values could be assigned incrementally starting from one.

[0994] Frequency. The centre of the frequency band associated with this upstream channel may be displayed. “0” may be shown for an unknown or an undefined frequency. Minimum permitted upstream frequency is 5 MHz for current technology.

[0995] Bandwidth. The bandwidth of this upstream channel may be displayed. “0” may be shown for an unknown or an undefined frequency. Minimum permitted channel width is 200 kHz currently.

[0996] Transmit timing offset. A measure of the current round trip time at the CM, or the maximum round trip time seen by the CMTS may be displayed.

[0997] Slot size. The number of 6.25 microsecond ticks in each upstream mini-slot may be displayed.

[0998] Ranging backoff start. The initial random backoff window to use when retrying Ranging Requests.

[0999] The value may be expressed as a power of 2. A value of 16 at the CMTS may be used to indicate that a proprietary adaptive retry mechanism is to be used.

[1000] Ranging backoff end. The final random backoff window to use when retrying Ranging Requests.

[1001] The value may be expressed as a power of 2. A value of 16 at the CMTS may be used to indicate that a proprietary adaptive retry mechanism is to be used.

[1002] Transmit backoff start. The initial random backoff window to use when retrying transmissions. The value may be expressed as a power of 2. A value of 16 at the CMTS may be used to indicate that a proprietary adaptive retry mechanism is to be used.

[1003] Transmit backoff end. The final random backoff window to use when retrying transmissions. The value may be expressed as a power of 2. A value of 16 at the CMTS may be used to indicate that a proprietary adaptive retry mechanism is to be used.

[1004] Other information, such as that listed below, may also be displayed in the “Cable Modem Status from the CMTS Frame”. For any unknown value, a value of “0” may be displayed:

[1005] Max number of CPEs. The maximum number of permitted CPEs connecting to the modem.

[1006] IP address. IP address of this cable modem. If no IP address has been assigned, or for an unknown IP address, a value of 0.0.0.0 may be displayed. If the cable modem has multiple IP addresses, the IP address associated with the cable interface may be displayed.

[1007] Received power. The received power as perceived for upstream data from this cable modem.

[1008] Timing offset. A measure of the current round trip time at the CM, or the maximum round trip time seen by the CMTS. This may be used for the timing of CM upstream transmissions to ensure synchronised arrivals at the CMTS. In this embodiment, units are in terms of (6.25 microseconds/64).

[1009] DOCSIS status. Status code for this cable modem as defined in the RF Interface Specification. In this embodiment, the Status code comprises a single character indicating error groups, followed by a two or three digit number indicating the status condition.

[1010] Unerrored. Codewords received without error from this cable modem.

[1011] Collected. Codewords received without error from this cable modem.

[1012] Uncorrectable. Codewords received with uncorrectable errors from this cable modem.

[1013] Signal to Noise Ratio. Signal/Noise ratio as perceived for upstream data from this cable modem.

[1014] Micro reflections (dbmV): A rough indication of the total microreflections including in-channel response as perceived on this interface. This may be measured in dBc below the signal level.

[1015] Connectivity state. Current cable modem connectivity state.

[1016] Online times. The percentage of time that the modem stays online during the time period starting with the modem's first ranging message received by the CMTS until now.

[1017] Minimum online time. The minimum period of time the modem stayed online during the time period starting with the modem's first ranging message received by the CMTS until now.

[1018] Average online time. The average period of time the modem stayed online during the time period from the modem's first ranging message received by the CMTS until now.

[1019] Maximum online time. The maximum period of time the modem stayed online during the time period from the modem's first ranging message received by the CMTS until now.

[1020] Minimum offline time. The minimum period of time the modem stayed offline during the time period from the modem's first ranging message received by the CMTS until now.

[1021] Average offline time. The average period of time the modem stayed offline during the time period from the modem's first ranging message received by the CMTS until now.

[1022] Maximum offline time. The maximum period of time the modem stayed offline during the time period from the modem's first ranging message received by the CMTS until now.

[1023] Admin status

[1024] Quality of service. This may be a group number, for example a QoS profile of 9 may mean that the maximum downstream data rate is 128 kb/s, corresponding to a bronze QoS.

[1025] In Octets (MB). The total number of octets received on the interface, including framing characters.

[1026] In Packets

[1027] Create time

[1028] SID. Service ID

[1029] A “Cable Modem Status Directly from Modem Frame” may display information that has been retrieved from the cable modem itself, including some or all of:

[1030] Description. A text description of the entity. This value may include the full name and version identification of the system's hardware type, software operating system, and networking software.

[1031] System uptime. Time the system has been up for, since last reboot.

[1032] CMTS MAC address. MAC address of this cable modem. For a cable modem with multiple MAC addresses, the MAC address associated with the cable interface may be displayed.

[1033] Ranging response waiting time. Waiting time for a Ranging Response packet.

[1034] Ranging waiting time. Waiting time for a Ranging packet.

[1035] Upstream transmit power. The operational transmit power for the attached upstream channel.

[1036] Resets. Number of times the cable modem reset or initialised this interface.

[1037] Lost syncs. Number of times the cable modem lost synchronisation with the downstream channel.

[1038] Status code. In this embodiment, this may consist of a single character indicating error groups, followed by a two or three digit number indicating the status condition.

[1039] Invalid MAP. Number of times the cable modem received invalid MAP messages.

[1040] Invalid UCD. Number of times the cable modem received invalid UCD messages.

[1041] Invalid ranging. Number of times the cable modem received invalid ranging response messages. Invalid registration. Number of times the cable modem received invalid registration response messages.

[1042] Counter T1, T2, T3 or T4 expired. Number of times counter T1, T2, T3 or T4 respectively expired in the cable modem.

[1043] Down channel frequency. The frequency band associated with this upstream channel.

[1044] Up channel frequency. The centre of the frequency band associated with this upstream channel. Minimum permitted upstream frequency is 5,000,000 Hz for current technology.

[1045] Up channel transmit timing offset. A measure of the upstream transmissions.

[1046] Relative priority [0-7]. A relative priority may be assigned to this service when allocating bandwidth. (0) may be used to indicate lowest priority; and (7) may be used to indicate highest priority. Interpretation of priority is device-specific.

[1047] Maximum upstream bandwidth (kbps). The maximum upstream bandwidth, in bits per second, allowed for a service with this service class.

[1048] Guaranteed upstream bandwidth (kbps). Minimum guaranteed upstream bandwidth, in bits per second, allowed for a service with this service class.

[1049] Maximum downstream bandwidth (kbps). The maximum downstream bandwidth, in bits per second, allowed for a service with this service class.

[1050] Transmit burst. The maximum number of minislots that may be requested for a single upstream transmission.

[1051] Profile status.

[1052] Downstream signal to noise ratio: describes the Signal/Noise of the downstream channel.

[1053] Micro reflections: A rough indication of the total microreflections including in-channel response as perceived on this interface, measured in dBc below the signal level.

[1054] Examples of performance information which the present application may be used to monitor include:

[1055] Current In: current number of octets received on the CM, in Bytes/seconds

[1056] Current Out: current number of octets transmitted by the CM, in Bytes/seconds

[1057] Average In: average number of octets received on the CM, in Bytes/seconds

[1058] Average Out: average number of octets transmitted by the CM, in Bytes/seconds

[1059] Maximum In: maximum number of octets received on the CM, in Bytes/seconds

[1060] Maximum Out: maximum number of octets transmitted by the CM, in Bytes/seconds

[1061] Current SNR: current Signal/Noise ratio as perceived for upstream data from the CM, in dB

[1062] Average SNR: average Signal/Noise ratio as perceived for upstream data from the CM, in dB

[1063] Maximum SNR: maximum Signal/Noise ratio as perceived for upstream data from the CM, in dB

[1064] These data may be displayed either graphically as shown in FIG. 25, or in tabular form.

[1065] A Set Top Box Manager

[1066] The provisioning system described above and the communications network management system, which will be described in more detail below, may be implemented in conjunction with a Set-Top Box Manager, an embodiment of which is described below.

[1067] To implement fault resolution in provisioned communications systems, it is often necessary to have direct access to the user equipment. It may be possible to resolve faults by instructing a user to implement changes in the user equipment. However, for more complicated faults, it may be necessary for a system engineer to attend the user's site. This may mean that there is a significant delay between fault detection and resolution.

[1068] The set-top box manager (STB-MGR) is a tool which may allow customer service operators and network operators to interact directly with user devices, such as a Set-Top Box or DOCSIS-compliant (Data Over Cable Systems Interface Specification compliant) cable modems. The STB_MGR may allow a service provider to reduce the lead-time for problem resolution.

[1069] The STB-MGR tool may be provided as part of the system described herein, or it may be provided independently. By way of example, one embodiment of the STB-MGR will now be described in more detail. The features of the system described herein may be provided in combinations other than those outlined here and may be provided independently unless otherwise stated. The following description is not intended to be limiting in any way. Potential users of the system may be described as customers or subscribers in the following description.

[1070] As stated above, the STB-MGR tool may be used to provide the customer service operator with a means of interacting directly with a user's Set-Top Box to reduce lead-time for problem resolution.

[1071] FIG. 11 provides an outline of how one embodiment of the STB-MGR 1102 may be incorporated into a network environment for provisioning apparatus. Other elements of the provisioning apparatus, such as the Cable Modem Manager 1104 and the Knowledge Manager 1106, are described herein and may be implemented alongside the STB_MGR. In an alternative embodiment, features of the other elements may be incorporated into the STB_MGR.

[1072] The STB_MGR tool may perform some or all of the functions outlined below. Features of the STB_MGR functionality may be provided independently, or may be provided by elements other than the STB-MGR within the system.

[1073] By way of example, the functions of the STB-MGR may include at least one of:

[1074] Displaying a list of users based on the identity of their Set-Top Box. For example, based on the user's PID, MAC address or IP address. More details of this functionality are provided below.

[1075] Managing Installation parameters. This button may be configured to run the query with the content of the selection fields and is also described in more detail below.

[1076] The type of window used by the STB_MGR tool to display user details may depend on the number of users for which details have been retrieved. For example, if the details of many users are retrieved in response to a particular query, a “matched subscribers list” may be displayed. If the details of only one user are retrieved, the “‘Install’ Results List Panel” for this user may be displayed. By way of example, the ‘Install’ Results List Panel may provide information such as the About Installation parameters, hardware and code release version, MPEG and PCM attenuation level and the MAC Address. It may be possible to update some Installation parameters within the ‘Install’ Results List Panel, for example: the Network ID, QAM (Quadrature Amplitude Modulation) rs: Default frequency and symbol rate.

[1077] Detailed information from the Set-Top Box of a selected user may also be displayed. This information may include, for example, the About Forward Path or the About Return Path for a particular user. According to a further example, a list of events/status with time stamps may be displayed.

[1078] A user interface may also be provided. The user interface may be divided into a number of different types of windows. For example, three types of windows may be: a selection panel to edit, for example, the user name, PID, IP or MAC address for a particular user, a results list window to show user details that match a particular selection and a details window to show all the Set-Top Box information. More details of one embodiment of a STB_MGR user interface are provided below.

[1079] Use of one embodiment of the STB-MGR tool will now be described in more detail. A number of user issues and problems that may be overcome by use of the STB_MGR will be described to illustrate use of the STB-MGR tool, but these issues are not limiting and are provided by way of example only.

[1080] According to the first example scenario, a user makes a complaint that they cannot gain access to a regional channel. By way of example, this complaint may be dealt with using the steps outlined below.

[1081] A typical screen display which may be viewed by the STB_MGR tool operator whilst dealing with this problem is shown in FIG. 12.

[1082] Step 1: Display Subscriber's Set-Top Box Installation parameters

[1083] Ask the caller for their name or PID and input this information into the relevant PID 1202 or Name 1204 fields.

[1084] Click on the Search button 1206 to view the Set-Top Box-Manager screen display.

[1085] In this example, the correct Set-Top Box is identified and the detailed Set-Top Box information, for example the Default Frequency 1208, is automatically displayed.

[1086] Step 2: Analyze the Data

[1087] In this example, the value of ‘Network ID’ 1210 does not match the region of the subscriber (this may occur after a move, for instance). In this example, the problem may be cured by updating the Set-Top Box installation to reload the right Set-Top Box configuration file, as outlined in Step 3.

[1088] Step 3: Update Set-Top Box configuration

[1089] In this embodiment, the Set-Top Box configuration file may be updated by editing the right Network ID 1210 and clicking on the Update button 1212 to display the Set-Top Box-Manager tool screen.

[1090] In a second scenario, a user makes a complaint that he can't access a pay-per-view service. By way of example, this problem may be solved, with reference to FIGS. 12 and 13, using the following numbered steps:

[1091] Step 1: Check Installation parameter

[1092] In this example, this may be done in the same way as in Step 1 of the previous scenario, but, in this case, the initialization parameters are correct.

[1093] Step 2: Display Subscriber's Set-Top Box Forward parameters

[1094] Ask the caller for their name or PID and input this information into the relevant fields 1202, 1204.

[1095] Click on the ‘Search’ button 1206 to view the Set-Top Box-Manager screen display, as illustrated in FIG. 12.

[1096] Click on ‘Forward Path’ 1214 menu to view the Set-Top Box-Manager screen display shown in FIG. 13.

[1097] Step 3: Analyze the Data

[1098] In this example, the value of ‘Credit’ 1308 shows that the user does not need to carry a sum to his credit. The status of the smartcard 1310 may show that the Credit Card is out of order. In analysing the data, the STB_MGR operator may be able to identify problems with the user's system which may be preventing the user from accessing the pay-per-view service. The user may then be able to rectify, for example, problems resulting from his credit card.

[1099] In a third scenario, the subscriber makes a complaint that his Set-Top Box often reboots. This problem may be solved, by way of example, according to the following numbered steps.

[1100] Step 1: Check Installation Parameters

[1101] In this example, Step 1 may be implemented in the same way as in Step 1 of the previous scenario, but, in this case, the initialization parameters are correct.

[1102] Step 2: Display Audit information

[1103] With reference to FIG. 12, click on the Audit menu 1216 to view the Set-Top Box-Manager screen display shown in FIG. 14. The event log 1402 is displayed.

[1104] Step 3: Analyze the Data

[1105] This may allow the operator to see if the number of reboots announced by the subscriber is correct and abnormal. Further action may then be taken to rectify any problems detected in the event log.

[1106] Further details of a preferred embodiment of a user interface for the STB-MGR tool are outlined below. Features may be provided independently or in alternative combinations. Features of the following components of the STB-MGR tool user interface are outlined: the Connection Window, the Main Window and the Top-bar. Features described herein may be applied to other components of the STB-MGR tool.

[1107] FIG. 15 illustrates a screen shot of an embodiment of the Connection Window. According to a preferred embodiment, the Set-Top Box-Manager tool may be accessed by an operator by entering the correct URL in the browser bar. According to a further, optional feature, the Set-Top Box-Manager can be accessed directly either from a Customer Operations Dashboard application, for example, by clicking on ‘STB-MGR’ in the top bar or from a Network Operations Dashboard application, from either the Alarm Explorer or the Location Explorer. The Customer Operations Dashboard application and the Network Operations Dashboard application may comprise applications via which system or network operators may access a number of different tools, such as the STB_MGR tool, to help in fault detection or resolution.

[1108] A login window may be provided for the Communications Window, as shown in FIG. 15, at which a valid username 1502 and password 1504 are required. Text entered in the Password field may be obscured with asterisk (*) characters. If connection fails due to an incorrect username or password, a connection error dialog box may be displayed.

[1109] A screen display of one embodiment of the Main Window is shown in FIG. 16. According to one embodiment, the Main Window may be used to retrieve details from the Set-Top Box Manager (STB-MGR) based on either user information, IP Address or MAC Address or to check the status of a user's Set-Top Box.

[1110] Preferably, a Select Panel 1602 may be provided as part of the Main Window and may be used to search within any combination of selection fields such as the Last name 1604 or First Name 1606 of a user, a user's PID 1608, an IP address 1610 or a MAC Address 1612.

[1111] Preferably, at least one field must be completed to run the query and avoid an error message. A cancel button 1614 may be provided to clear the content in the selection fields. A Search Button 1616 may be used to run the query with the content of the selection fields.

[1112] As described above, the window displayed may depend on the number of users for whom details are retrieved:

[1113] If many user details are retrieved, the “matched subscribers list” may be displayed.

[1114] If the details of only one user are retrieved, the ‘Install’ Results List Panel for this user may be displayed.

[1115] In this embodiment, the ‘Install’ Results List Panel is displayed and shows the results of the query matching the selection. A screen shot of this panel is shown in FIG. 16.

[1116] The ‘Installation’ parameters that may be displayed for a particular user include:

[1117] Default frequency 1618: Frequency in Hz of the Home Transport Stream

[1118] Default symbol rate 1620: Rate at which the data leaves the modulator. In one embodiment, the symbol rate may be calculated as outlined below:

[1119] symbol rate = input rate rate (Mbps) * framing overhead * 1/RS-rate * 1/FEC rate modulation factor

[1120] QAM 1622: Type of Quadrature Amplitude Modulation (for example, QAM64 or QAM256)

[1121] PIN 1624: The user's Personal Identification Number

[1122] Network ID 1626: Identifies the network segment (in DVB terms) to which the STB is attached. If a subscriber moves from one region to another, he typically needs another STB ID

[1123] Hardware version 1628: Version of the hardware platform

[1124] Code release version 1630: Release number of the software platform

[1125] Build date 1632: Download date of the software platform

[1126] MPEG attenuation level 1634

[1127] PCM attenuation level 1636: Pulse Code Modulation attenuation level

[1128] Attenuation 1638

[1129] MAC address 1640: MAC address of the integrated cable modem

[1130] Update Button

[1131] In a preferred embodiment, the user can use an ‘Update’ button 1642 to modify only information displayed in FIG. 16 with a white background, by editing or by selecting a pre-defined value. The parameters which it is possible to modify may include some or all of the following:

[1132] Default frequency 1618

[1133] Default symbol rate 1620

[1134] QAM 1622

[1135] PIN 1624

[1136] Network ID 1626

[1137] The Update button 1642 preferably displays a confirmation box.

[1138] A further feature may be the ‘Forward Path’ Results List Panel, an example of a screen display of which is shown in FIG. 17, which may display parameters such as those outlined below:

[1139] SNR estimate 1702: Signal/Noise estimate. Should be high if there is little noise

[1140] Pre RS Error rate 1704: Number of errors per 500 ms before Reed-Solomon error correction

[1141] Post RS Error rate 1706: Number of errors per 500 ms after Reed-Solomon error correction

[1142] Lock status 1708: Indicates whether the STB is successfully tuned to a transport stream (i.e. locked to a RF carrier).

[1143] Last PAT 1710: Last time/date when a Program Association Table was received

[1144] Last CAT 1712: Last time/date when a Conditional Access Table was received

[1145] Channel table 1714: Status of the channel table capture process, for example: “Looking for UPDATES” means that the STB is receiving DVB SI tables under normal conditions. If the status remains “Looking for NIT”, it means the STB can not receive the Network Information Table

[1146] Number of transport streams 1716: Number of Transport Streams available received by the STB (i.e. Transport Streams available to the configured Network ID)

[1147] Number of services 1718: Number of video services (digital channels) available received by the STB (i.e. DVB services available to the configured Network ID).

[1148] AGC combined 1720: Combined Audio/Video gain currently applied to the forward Path signal.

[1149] AGC stands for Automatic Gain Control.

[1150] Current TSD: Transport Stream ID to which the STB is currently tuned.

[1151] Current Service ID: Service ID (i.e. digital channel) to which the STB is currently tuned.

[1152] In a preferred embodiment, at least some of the following information may also be provided in the “Forward Path Results” List Panel:

[1153] Nagra serial number 1722: CAS (Conditional Access Smartcard) serial number.

[1154] Smartcard status 1724: Shows the status of the Conditional Access smartcard

[1155] IPPV status 1726: Status of the Impulse Pay-Per-View service provision

[1156] Credit 1728: Current credit available for Impulse Pay-Per-View

[1157] Smartcard Version 1730: version of the Conditional Access smartcard

[1158] Smartcard Revision 1732: Revision of the Conditional Access smartcard

[1159] CA Version 1734: Version of the CAS software kernel

[1160] CA Revision 1736: Revision of the CAS software kernel

[1161] Smartcard zipcode 1738: Zipcode of the smartcard owner

[1162] Smartcard serial number 1740: Serial number of the Conditional Access smartcard

[1163] Set Top Box serial number 1742: Serial number of the Set-Top-Box

[1164] Last EMM received: Date when the last EMM was received

[1165] The information displayed may be used for fault detection and resolution for systems, such as Set-Top Boxes of users.

[1166] The ‘Return Path’ Results List Panel may display a number of ‘Return Path’ parameters. An example of a screen display of the ‘Return Path’ Results List Panel is shown in FIG. 18. In a preferred embodiment, the parameters displayed may include:

[1167] MCNS (Multimedia Cable Network System) IP addressing

[1168] MAC address 1802: Set-Top-Box integrated cable modem physical address

[1169] STB IP 1804: Configured Set-Top-Box IP address

[1170] DNS Server IP 1806: Configured domain name server IP address

[1171] Subnet mask IP 1808: Configured subnet mask

[1172] Default gateway IP 1810: Configured default gateway IP address

[1173] Quality of service 1812: Current cable modem configuration file (which may be used to define the Quality of Service allocated to the STB)

[1174] Liberate proxy 1814: IP address of the Liberate Proxy server (alternative types of Proxy servers may be used in some implementations)

[1175] Liberate security proxy 1816: IP address of the Liberate Security Proxy server (alternative types of Security Proxy servers may be used in some implementations)

[1176] First URL 1818: URL opened upon start-up of the browser. The browser used may depend on the user equipment used to implement the system, for example the Liberate Browser may be used as a software platform for browsing from a television.

[1177] MCNS Downstream

[1178] Channel frequency 1820: Frequency of the used return path downstream channel

[1179] Symbol rate 1822: Rate at which the data leaves the return path modulator. According to one embodiment, the symbol rate may be calculated as outlined below:

[1180] symbol rate = input rate rate (Mbps) * framing overhead * 1/RS-rate * 1/FEC rate modulation factor

[1181] SNR estimate 1824: Signal/Noise estimate. Should be high if there is little noise

[1182] Pre RS Error rate 1826: Number of errors per 500 ms before Reed-Solomon error correction

[1183] Post RS Error rate 1828: Number of errors per 500 ms after Reed-Solomon error correction

[1184] Lock status 1830: Indicates whether the STB is successfully tuned to a transport stream (i.e. locked to a RF carrier).

[1185] Power level 1832: Radio Frequency power level

[1186] Assigned SID 1834: Assigned DOCSIS channel identifier (Service Identifier)

[1187] A further feature of a preferred embodiment may be the ‘Resources’ Results List Panel, an example screen display of which is shown in FIG. 19, which may display information such as:

[1188] Available flash 1902: Free Flash memory currently available

[1189] Total flash 1904: Total Flash memory available on the STB hardware

[1190] Available RAM 1906: Free volatile memory currently available

[1191] Total RAM 1908: Total volatile memory available on the STB hardware

[1192] Available NVRAM 1910: Free non-volatile memory currently available

[1193] Total NVRAM 1912: Total non-volatile memory available on the STB hardware

[1194] A screen shot of the ‘Audit’ Results List Panel according to one embodiment is shown in FIG. 20. This panel may be used to display the list of the last status logged by the STB. In this example, the information may be formatted in 3 parts:

[1195] Date of the action in MM-DD-YYYY HH-MM (AM/PM)

[1196] Code

[1197] Messages to describe the status.

[1198] For instance:

[1199] STBMGR_LOG_REBOOT

[1200] STBMGR_LOG_CM_OPERATIONAL

[1201] STBMGR_LOG_TUNING_PARAMETERS_CORRUPT

[1202] STBMGR_LOG_PERIODIC_RANGING_FAIL

[1203] STBMGR_LOG_TIMEOUT_ON_RECEIVING_PAT

[1204] Further messages may also be provided to describe the status of the STB.
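The following Python sketch is an added illustration, not part of the original text: it parses audit entries in the three-part form described above (date, code, message) and counts STBMGR_LOG_REBOOT events in a sliding window, as an operator would when checking a report of frequent reboots. The " | " field separator, the threshold of three reboots in 24 hours, the five-minute lead time and the sample entries are assumptions constructed for the example.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

REBOOT = "STBMGR_LOG_REBOOT"

# Assumed line layout: "<MM-DD-YYYY HH-MM AM|PM> | <code> | <message>".
# The text gives the three parts and the date format; the " | " separator
# is an assumption made for this example.
ENTRY_RE = re.compile(
    r"^(\d{2})-(\d{2})-(\d{4}) (\d{2})-(\d{2}) (AM|PM)"
    r" \| (STBMGR_LOG_[A-Z_]+) \| (.*)$"
)

# Constructed sample entries (not taken from a real Set-Top Box).
SAMPLE_LOG = """\
03-14-2002 09-02 AM | STBMGR_LOG_CM_OPERATIONAL | cable modem operational
03-14-2002 11-40 AM | STBMGR_LOG_PERIODIC_RANGING_FAIL | periodic ranging failed
03-14-2002 11-41 AM | STBMGR_LOG_REBOOT | reboot
03-14-2002 12-05 PM | STBMGR_LOG_TIMEOUT_ON_RECEIVING_PAT | no PAT received
03-14-2002 12-06 PM | STBMGR_LOG_REBOOT | reboot
03-14-2002 08-30 PM | STBMGR_LOG_PERIODIC_RANGING_FAIL | periodic ranging failed
03-14-2002 08-31 PM | STBMGR_LOG_REBOOT | reboot
03-15-2002 12-10 AM | STBMGR_LOG_REBOOT | reboot
03-17-2002 07-00 AM | STBMGR_LOG_REBOOT | reboot
13-40-2002 07-00 AM | STBMGR_LOG_REBOOT | impossible date, must be rejected
?? truncated entry
"""


def parse_entry(line):
    """Return (timestamp, code, message), or None if the line is malformed."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    month, day, year, hour, minute = (int(g) for g in m.groups()[:5])
    meridiem, code, message = m.group(6), m.group(7), m.group(8)
    if not 1 <= hour <= 12:
        return None
    # 12 AM is hour 0 and 12 PM is hour 12 on the 24-hour clock.
    hour24 = hour % 12 + (12 if meridiem == "PM" else 0)
    try:
        return datetime(year, month, day, hour24, minute), code, message
    except ValueError:  # e.g. month 13 or minute 75
        return None


def parse_log(text):
    """Split a log into time-ordered entries and the lines that were rejected."""
    entries, rejected = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = parse_entry(line)
        (entries if entry else rejected).append(entry or line)
    entries.sort(key=lambda e: e[0])
    return entries, rejected


def max_reboots_in_window(entries, window):
    """Largest number of reboot events falling inside any span of `window`."""
    times = [ts for ts, code, _ in entries if code == REBOOT]
    best = start = 0
    for end in range(len(times)):
        while times[end] - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def assess(text, threshold=3, window=timedelta(hours=24),
           lead=timedelta(minutes=5)):
    """Summarise reboot activity and the status codes seen just before reboots."""
    entries, rejected = parse_log(text)
    preceding = Counter()
    for prev, cur in zip(entries, entries[1:]):
        if cur[1] == REBOOT and prev[1] != REBOOT and cur[0] - prev[0] <= lead:
            preceding[prev[1]] += 1
    peak = max_reboots_in_window(entries, window)
    return {
        "reboots": sum(1 for e in entries if e[1] == REBOOT),
        "peak_in_window": peak,
        "abnormal": peak >= threshold,
        "preceding": dict(preceding),
        "rejected": rejected,
    }


if __name__ == "__main__":
    print(assess(SAMPLE_LOG))
```

Rejected lines are returned rather than silently dropped, so a corrupted or truncated log is visible to the operator instead of lowering the reboot count.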

[1205] The STB-MGR TopBar may contain buttons which control the overall functionality of the system. An example screen display of a Set-Top Box Manager Top Bar is shown in FIG. 21. The buttons on the Top Bar may include:

[1206] The ‘Install’ Button 2102 may be used to run a query relative to the Installation information of the Set-Top Box. The selection criteria may be set in the Select Panel (as described above) and the information may be displayed. This button 2102 may run the query with the content of the selection fields. As described above, the window displayed may depend on the number of users for whom data is retrieved:

[1207] If data for many users is retrieved, the matched subscribers list is displayed.

[1208] If data for only one user is retrieved, the ‘Install’ Results List Panel for this subscriber may be displayed, as described earlier with reference to FIG. 16.

[1209] The ‘Forw. Path’ Button 2104 may be used to run a query relative to the Forward Path information of the Set-Top Box. The selection criteria may be set in the Select Panel (described earlier) and the information may be displayed in the ‘Forward Path’ Results List Panel (described earlier with reference to FIG. 17).

[1210] The ‘Ret. Path’ Button 2106 may be used to run a query relative to the Return Path information of the Set-Top Box. The selection criteria may be set in the Select Panel and the information may be displayed in the ‘Return Path’ Results List Panel (described earlier with reference to FIG. 18).

[1211] The ‘Resources’ Button 2108 may be used to run a query relative to the Resources information of the Set-Top Box. The selection criteria may be set in the Select Panel and the information may be displayed in the ‘Resources’ Results List Panel (described earlier with reference to FIG. 19).

[1212] The ‘Audit’ Button 2110 may be used to run a query relative to the Audit information of the Set-Top Box. The selection criteria may be set in the Select Panel and the information may be displayed in the ‘Audit’ Results List Panel (described earlier with reference to FIG. 20).

[1213] The ‘Log Out’ Button 2112 may be used to close the current STB-MGR session and open a new Connection Window.

[1214] A summary of the functionality of one embodiment of the STB-MGR is provided below:

[1215] The STB-MGR may be used to increase call centre efficiency by facilitating remote operations and reducing manual transfers and interventions. The functionality of a preferred embodiment of the Set-Top-Box Manager may include:

[1216] Monitoring the status of a particular Set-Top-Box by sending a request to the STB directly with any of the following being used as input criteria: STB MAC address, STB IP address or subscriber name/PID. As described above, the following sets of data may be retrieved from the STB:

[1217] Installation parameters

[1218] Forward path parameters

[1219] Return path parameters

[1220] Resources information

[1221] Audit information.

[1222] Polling a set of selected Set-Top-Boxes for a given period of time in order to gather history of STB utilisation.

[1223] Selected STB may be polled at a regular interval for a defined duration (customisable)

[1224] The polling feature may be limited to a configurable number of simultaneous STB to be polled.

[1225] The data generated by this polling may be stored for a configurable time period in a separate database or until extra space is needed to store more recent data.

[1226] A web-based application may allow operators to view, over the polled time period, utilisation of:

[1227] STB Memory

[1228] Channels

[1229] Transport Stream ID

[1230] Service ID

[1231] In a preferred embodiment, the managed information may include:

[1232] Installation parameters

[1233] Default frequency*

[1234] Default Symbol Rate*

[1235] Modulation type*

[1236] PIN*

[1237] Network ID*

[1238] Hardware version

[1239] Code Release version

[1240] Build date

[1241] MPEG Attenuation

[1242] PCM Attenuation

[1243] Attenuation*

[1244] Mac Address

[1245] Forward path parameters

[1246] Conditional Access Status

[1247] Nagra Serial Number

[1248] Smart card Status

[1249] IPPV Status

[1250] Credit

[1251] Smart card Version

[1252] Smart card Revision

[1253] Conditional Access Version

[1254] Conditional Access Revision

[1255] Smart card Zip Code

[1256] Smart card Serial number

[1257] Set-Top-Box Serial Number

[1258] Last EMM received: Date when the last EMM was received

[1259] DVB Demodulator Status

[1260] SNR Estimate

[1261] Pre-RS Error Rate

[1262] Post-RS Error Rate

[1263] Lock Status

[1264] Last PAT

[1265] Last CAT

[1266] Channel Table

[1267] Number of Transport Streams

[1268] AGC Combined

[1269] Return path parameters

[1270] MCNS IP Addressing

[1271] Mac Address

[1272] STB IP Address

[1273] DNS Server IP Address

[1274] Subnet Mask IP Address

[1275] Default Gateway IP Address

[1276] Quality of Service

[1277] Liberate Proxy

[1278] Liberate Security Proxy

[1279] First URL

[1280] MCNS Downstream

[1281] Channel Frequency

[1282] Symbol Rate

[1283] SNR Estimate

[1284] Pre-RS Error Rate

[1285] Post-RS Error Rate

[1286] Lock Status

[1287] Power level

[1288] Assigned SID

[1289] STB Resources information

[1290] Available flash memory

[1291] Total flash memory

[1292] Available RAM

[1293] Total RAM

[1294] Available NVRam

[1295] Total NVRam

[1296] Audit information

[1297] Log of the last STB operations (Date/Code/Operation . . . )

[1298] (Preferably, appropriate installation parameters (*) can be updated directly from the STB Manager front-end (reload of the right Set-Top Box configuration file).)

[1299] The Architecture of a preferred embodiment can be summarised as follows with reference to FIG. 22: The STB manager is preferably implemented as a distributed web based application. It may be deployed centrally for a small amount of STBs to poll but could be distributed as the number of polled cable modems increases. The preferred STB manager may be implemented in conjunction with its own database to store historical data polled from cable modems.

[1300] FIG. 22 shows one embodiment of an STB manager with a distributed solution. This may provide the advantage that the number of STB that can be polled by this solution is greater than in a centralised solution. Only infrastructure elements relative to the STB Manager are shown in FIG. 22.

[1301] Any convenient hardware and software platform may be used. Purely by way of example, a Unix platform may be used, and this may be conveniently based on readily available components. Hardware and software resources required are not excessive and, for example, a commercial deployment may be implemented readily using the hardware and software below (or equivalents).

[1302] Hardware for STB manager:

[1303] Sun E420

[1304] 1×450 MHz CPU

[1305] 1 Gb RAM

[1306] 2×17 Gb disk

[1307] Additional software required for STB manager

[1308] Apache 1.3.19

[1309] Tomcat 3.2.1

[1310] JVM 1.3.1

[1311] Solaris 7 or 8

[1312] Database: Oracle or any SQL-compliant database

[1313] A further feature of one embodiment of the present system may be the Digital Subscriber Line modem manager. The DSL modem manager may allow an operator to view the status of each VPN subscriber's DSL line and modem. For example, when an ADSL CE router is provisioned in the database, a DSLAM port must be assigned for the customer and using DSL modem manager it may then be possible to gather information. Examples of the information which may be gathered may include one or more of: the customer name, the port on the DSLAM, the port status, the modem SNR US/DS, a 5-minute average input/output rate and bytes input and output. The invention independently provides a method comprising gathering status data from a DSL modem connected to a broadband network, comprising communicating with the modem or an agent associated with the modem over the network.

[1314] A further feature of the system described above may be the VPN MPLS network manager. Using the network view of MPLS network manager, it may be possible to browse, for example: PAD (PACA), POP (Antibes), PE router (PE4).

[1315] The network view of the network manager may also be used to show the VPN logical view functionality that displays, for example, VPNs from the OSS database and VRFs that are auto-discovered from the PE.

[1316] The network view of the network manager may also be used to show, for example, the PE router's:

[1317] CPU (MRTG)

[1318] Memory (MRTG)

[1319] Interface bandwidth utilization per physical interface. Show the button that can be used to define target max aggregate bandwidth for the physical interface

[1320] Number of sub-interfaces per physical interface. Show the button that can be used to define target max number of sub-interfaces per interface

[1321] Total number of VRFs (target max VRFs can be edited by clicking on a button)

[1322] CEF statistics (show ip cef summary)

[1323] The customer view of MPLS network manager may be used to browse, for example: Customers (B), VPNs (VPN B), PE routers and CE routers.

[1324] When on the PE router level one can view the same data in the customer view as in the network view, an example of which is provided above.

[1325] All of the above features are advantageously provided in an exemplary network manager; however, features may be omitted in a simplified embodiment.

[1326] A further feature of the present embodiment may be the ISM VPN, which may advantageously be implemented using one or a number of agents. Each agent may monitor the network for, for example: VPN connectivity, VPN Performance, Centralized services, Management VPN and Audit & accounting.

[1327] In a preferred arrangement, which may be independently provided, at least one agent is provided, the agent comprising means for accessing a service and means for signalling an alarm in the event of detection of a fault condition. By providing an agent which accesses a service, potential or actual faults may be more reliably or rapidly identified as compared to detection of a hardware failure and subsequent determination of affected services.

[1328] For each alarm that may be generated by ISEA VPN, each ISEA may be able to detect connectivity, performance, management, audit and centralised service problems independently. Five different scenarios that simulate each type of problem will now be described by way of example.

[1329] VPN Connectivity Alarm

[1330] A VPN connectivity alarm may be generated by making a CE router unavailable. This may occur if, for example, the CE router's Ethernet connector is physically unplugged. In this situation, ISM may be configured to generate a VPN connectivity alarm.

[1331] Performance Monitoring

[1332] A performance alarm may be triggered, for example, when the data is beyond “acceptable” levels, for example, the system may be set up to trigger a performance alarm when data is being processed at a slower rate than it is being received. Rate limiting may be disabled from the VPN to make performance acceptable. Preferably, the disabling of rate limiting may allow the alarm state to be overcome within 1 minute.

[1333] VPN Central Services Monitoring

[1334] A central services alarm may be generated in the ISM in certain situations, for example, if the ISEA is continuously monitoring central services (email and www) offered from the operator's central services site and the central services www server is shut down, a central services alarm may be generated. Preferably, when the www server is resumed ISM central services monitoring should return to green status in less than 1 minute.

[1335] Management Network Monitoring

[1336] The ISEA may include management VPN monitoring that can check on the status of the management VPN by continuously pinging the management network central router. A management services alarm may be triggered if, for example, the IP address of the management router is de-configured. If the management services router is subsequently re-configured, ISM central services monitoring preferably returns to green status in less than 1 minute.

[1337] Audit & Accounting

[1338] Using ISEA MPLS, examples of statistics that may be gathered for each VPN include:

[1339] Total uploads/downloads for each CE router using Netflow

[1340] Analysis of traffic patterns using netflow.

[1341] A further feature of an embodiment may be the Imagine Component Fault Manager (ICFM). An ICFM view may show an inventory with a map of the network of the system. The ICFM may be implemented as a client of the inventory manager that is described in more detail later.

[1342] A Knowledge Management System (KMS) may be implemented as part of the ICFM; it may be possible to right click on “documentation” for a given PE router to show the documentation associated with the device. Further, a component alarm may be generated by shutting down the PE-PE core link on PE3. This alarm, and the documentation associated with the alarm, may be shown within the ICFM. The documentation linked to the alarm may also be modified within the ICFM.

[1343] A link to a configuration manager may also be provided for each PE router, for example it may be possible, for a given PE router, to click on “Configuration manager” to be taken to the “Configuration Manager” application and to view the configuration file of the PE router. A link to an inventory manager in the ICFM, outlined in more detail below, may also be provided and may be used to be taken to the inventory manager application.

[1344] An inventory manager may further be provided in which it may be possible, for example, to add a new PE router (for example, PE 5 of type Cisco 3662) to the Sophia Antipolis POP. Equipment can be auto-discovered by, for example, running an auto-discovery script. A file may be generated to populate the database.

[1345] As part of the resource management of the inventory manager, it may be possible to define a pool of IP addresses by adding a new pool of IP addresses. Utilization statistics on the pools of IP addresses and the pools of RTs, RDs, VLANs, ASN numbers may be viewed.

[1346] A further feature of one embodiment of the present invention may be a Configuration Manager, which may allow the use of template configuration files. New template files may be added to the template manager.

[1347] Further, the configuration file may allow the display of configuration files of routers in the system and may allow the version history of configurations on routers to be displayed.

[1348] HSD Agent

[1349] One embodiment of an agent that may be used in conjunction with the system and methods described herein is a High Speed Data (HSD) agent. The HSD agent may be implemented as a standalone system, or may be implemented alongside other aspects of the system described herein. The HSD agent preferably allows a HSD network operator to monitor services as they are delivered to the service user, i.e. in the “last mile”. In particular, the agent may provide remote visibility of all critical parameters involved in the High-Speed Data service.

[1350] According to one embodiment, the agent is physically located as one agent per HUB. The agent may provide sophisticated, permanently-running scenarios to simulate extensive HSD end user activity. The simulated user activity may include simulating some or all of the following:

[1351] Provisioning process

[1352] Internet access

[1353] ISP access

[1354] Security checks

[1355] The agent may further provide:

[1356] Easy configuration of scenarios in XML language

[1357] Logging of service outages to local files

[1358] Integrated Web Server for Service Monitoring

[1359] Specific check on request

[1360] Failure diagnostics.

[1361] Interface to any external SNMP manager (e.g. HP OV, or Spectrum)

[1362] The architecture of the HSD agent preferably allows the agent to operate as close to the customer as possible. A scheduler may be used to supervise the launching of the Service Emulation scenarios. According to one embodiment, these scenarios test parameters involved in the nature of the service, regardless at this point of the access technologies or the state of the network components involved in the transport. FIG. 58 illustrates one embodiment of a scenario organisation for a HSD agent, controlled by a scheduler manager.

[1363] The HSD agent may be implemented on a number of different hardware and software systems. Typical implementations may run on, for example, Linux Red Hat 7.1, Java JDK 1.3.1, Apache 1.3.20, Tomcat 3.2.1, NetSaint plug-in. According to one embodiment, hardware requirements may include 2×17 GB Disk, Pentium 3 750 Mhz processor, 256 Mo RAM, 10 GB and 2 Linux compliant Ethernet Cards.

[1364] The IP Address Manager

[1365] A further aspect of the systems and methods described herein is the IP address manager. The address manager may allow a service provider to optimise resource allocation within the network, wherein the network may be a multimillion address network. The IP Address Manager may be implemented as part of a suite of Network Management Tools or may be implemented as a stand-alone, vendor agnostic product. The address manager may allow a service provider to track the use of every single IP address and to centrally manage entire scopes of IP addresses in a single operation. According to a preferred embodiment, the Address Manager satisfies both legal requirements and security procedures requiring a detailed monitoring of suspected access to restricted resources on the network.

[1366] The IP Address Manager is preferably implemented with at least one of the following management functionalities:

[1367] Identity Management may enable instant access to the name, type, location and domain name of every single IP address currently in use in the network, as well as providing a history of the usage of any IP address.

[1368] Scope Management may provide a series of tools that enable the service provider to analyse the allocation of ranges of IP addresses. The IP Manager may display the percentage of IP addresses

[1369] allocated per DHCP server, which may enable proactive balancing steps to be taken before service failure. Scope Manager may also enable a provider to edit, remove and add any fraction of the IP range anytime and anywhere, providing full control of, for example, CMTS, access servers, DHCPs, UBRs and DSLAMs.

[1370] According to one embodiment, Domain Name Server Management is constituted of a series of functionalities which may be used to verify the integrity and the reversibility of the association of an IP address to a domain name.

[1371] Preferably, the IP manager may be implemented with reporting capabilities, including graphic and statistic features, and may also interface with third-party reporting software.

[1372] The IP Address Manager may be implemented as part of a suite of service assurance tools and so is preferably implemented with a modular architecture. The integration of the IP address manager into a service assurance suite according to a preferred embodiment is illustrated in FIG. 59. The IP Address Manager is preferably located in the Network Operation Centre since the ability of the tool to manage a multimillion address network makes it a centrally based application. The IP Address Manager is preferably implemented with a Graphical Interface, which may allow context-sensitive help to be provided to the network engineers at each step. Examples of the information provided in the context sensitive help may include: the exact page containing the relevant hardware vendor documentation, in-house recovery procedures and reminders of the technical and business rules.

[1373] Operational Integration with BSS Modules

[1374] Integration with BSS elements may allow the IP Address manager to manage multiple logical groups of users, which may be used to allow usage-based billing for dedicated services. Usage-based billing may be provided to a user by collecting and tracking IP address assignments and linking each address to a billing location or group. This seamless integration may allow the service provider to manage large-enterprise customers, offering them differentiated services through organization-based IP address management capabilities. Multi-group membership for a single customer may be implemented to allow customised services for individual users.

[1375] Scope Management

[1376] Analysis tools may be provided by the IP Address Manager to enable pro-active balancing of the network resources and to anticipate potential service disruption. The scope management function may be used to collect statistics about utilisation per DHCP, RADIUS servers. The administrator can set thresholds on IP address scope to generate alarms within a Component Fault Management tool (ICFM). Based on these statistics, the network administrator may reserve and assign IP addresses across networks, domains and subnets. The scope management feature may allow the service provider to edit, cut and add IP address ranges, or fractions of ranges, and update the scope of IP addresses on the DHCP and RADIUS servers from a central location.
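The threshold mechanism in paragraph [1376] can be sketched as follows. This is an added example, not code from the patent; the server names, address ranges, lease list and threshold percentages are constructed assumptions, and scopes are assumed not to overlap.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data; server names, ranges and thresholds are assumptions.
SCOPES = [
    ("dhcp-a", "10.0.0.0/24"),
    ("dhcp-a", "10.0.1.0/28"),   # VLSM: scopes need not share a prefix length
    ("dhcp-b", "10.0.2.0/30"),
]
LEASES = (
    [f"10.0.0.{i}" for i in range(1, 51)]     # 50 of 254 usable addresses
    + [f"10.0.1.{i}" for i in range(1, 13)]   # 12 of 14
    + ["10.0.2.1", "10.0.2.2"]                # 2 of 2
    + ["192.168.1.5"]                         # outside every managed scope
)
THRESHOLDS = [(90.0, "critical"), (75.0, "warning")]  # highest limit first


def usable_hosts(net):
    """Assignable addresses in an IPv4 scope (network/broadcast excluded)."""
    return net.num_addresses if net.prefixlen >= 31 else net.num_addresses - 2


def severity(pct, thresholds=THRESHOLDS):
    """Map a utilisation percentage to an alarm label."""
    for limit, label in thresholds:
        if pct >= limit:
            return label
    return "ok"


def scope_report(scopes, leases):
    """Return (per-scope rows, per-server utilisation, unmanaged leases)."""
    nets = [(srv, ipaddress.ip_network(cidr)) for srv, cidr in scopes]
    used = defaultdict(set)      # a set, so a duplicated lease counts once
    unmanaged = []
    for text in leases:
        ip = ipaddress.ip_address(text)
        owner = next(((s, n) for s, n in nets if ip in n), None)
        if owner is None:
            unmanaged.append(text)   # address in use but tracked by no scope
        else:
            used[owner].add(ip)

    per_scope, totals = [], defaultdict(lambda: [0, 0])
    for srv, net in nets:
        count, cap = len(used[(srv, net)]), usable_hosts(net)
        pct = round(100.0 * count / cap, 1)
        per_scope.append({"server": srv, "scope": str(net), "used": count,
                          "capacity": cap, "pct": pct, "alarm": severity(pct)})
        totals[srv][0] += count
        totals[srv][1] += cap
    per_server = {s: round(100.0 * u / c, 1) for s, (u, c) in totals.items()}
    return per_scope, per_server, unmanaged


if __name__ == "__main__":
    rows, servers, stray = scope_report(SCOPES, LEASES)
    for row in rows:
        print(row)
    print(servers, stray)
```

With this data the per-server figure for dhcp-a stays low while one of its scopes is already in the warning band, which is why the threshold is evaluated per scope as well as per server.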

[1377] Inventory Capabilities

[1378] In order to cope with the proliferation of IP addresses and equipment in the broadband environment, the IP Address Manager preferably provides a view of a large proportion of the IP infrastructure. The IP Address Manager may allow views by subnet, and may support Variable Length Subnet Masks (VLSM) to handle subnets in the most flexible and effective way. “Per location” and “per type of equipment” views may also be provided in addition to or instead of the per subnet view. The module may further allow the management of all component IP addresses and subnets with detailed component configuration from a given IP address (name, type, and location). This granularity and flexibility in the views may allow cost effective resource management capabilities. IP Address Manager can reserve and assign subnets. IP address management may also allow quick and easy re-arrangement of the subnets, reflecting the frequent changes in the network organization.

[1379] Policy and Class-of-Service Management

[1380] The IP Address Manager may interface to DHCP and Radius Servers to offer the capability to create Classes-of-Services and Policies. Policies may be used to create consistent subnet addressing schemes within multiple subnets, helping to ensure efficient network management and simplified administration. Sub-address ranges can be dedicated to different types of cable modems or tiered client classes. Policy creation or modification may be reflected in the service provider billing elements.

[1381] DNS Management

[1382] The DNS Management functionality may allow the service provider to check the availability of an IP address in the DNS server, which may allow the service provider to identify potential causes of service disruption. According to one embodiment, Incognito's IP Commander DNS solution may be used with IP Address Manager interfaces for DNS Management. The IP Address Manager may allow reverse/forward query matching in order to check the IP/Domain association. As a logical complement to its subnet capabilities, the IP Address Manager may also be used to manage DNS Zone and Domain, allowing the necessary granularity to differentiate services.
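The reverse/forward query matching of paragraph [1382] amounts to checking that each address's PTR record names a host whose A record leads back to the same address. The following is an added example, not code from the patent or from any named product; the record data is constructed, it runs against in-memory tables rather than a live DNS server, and it handles IPv4 only.

```python
import ipaddress
from collections import defaultdict

# Constructed zone data (names and addresses are illustrative assumptions).
A_RECORDS = [
    ("cmts1.example.net.", "10.0.0.5"),
    ("dhcp1.example.net", "10.0.0.6"),
    ("mail.example.net", "10.0.0.7"),
]
PTR_RECORDS = [
    ("5.0.0.10.in-addr.arpa.", "CMTS1.example.net."),   # differs only in case
    ("6.0.0.10.in-addr.arpa", "old-dhcp.example.net"),  # stale reverse entry
    ("9.0.0.10.in-addr.arpa", "ghost.example.net"),     # no forward record
]


def norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()


def ptr_owner_to_ip(owner):
    """'5.0.0.10.in-addr.arpa' -> IPv4Address('10.0.0.5')."""
    labels = norm(owner).split(".")
    if len(labels) != 6 or labels[-2:] != ["in-addr", "arpa"]:
        raise ValueError(f"not a full IPv4 PTR owner name: {owner}")
    return ipaddress.ip_address(".".join(reversed(labels[:4])))


def check_association(a_records, ptr_records):
    """Return sorted (ip, name, status) findings for both directions."""
    forward = defaultdict(set)                      # name -> {addresses}
    for name, ip in a_records:
        forward[norm(name)].add(ipaddress.ip_address(ip))
    reverse = {ptr_owner_to_ip(o): norm(t) for o, t in ptr_records}

    findings = []
    # Forward -> reverse: every A record should have a PTR naming the same host.
    for name, ips in forward.items():
        for ip in ips:
            target = reverse.get(ip)
            if target is None:
                status = "missing_ptr"
            elif target != name:
                status = "ptr_points_elsewhere"
            else:
                status = "ok"
            findings.append((str(ip), name, status))
    # Reverse -> forward: every PTR target should resolve back to the address.
    for ip, target in reverse.items():
        if ip not in forward.get(target, set()):
            findings.append((str(ip), target, "ptr_not_forward_confirmed"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in check_association(A_RECORDS, PTR_RECORDS):
        print(finding)
```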

[1383] Typical hardware requirements which may be used to implement the IP Address Manager system may include: Sun E420, 1×450 MHz CPU, 1 Gb RAM and 2×17 Gb disk. Software Requirements for a typical embodiment may include: Apache 1.3.19, Tomcat 3.2.1, JVM 1.3.1 or Solaris 7 or 8.

[1384] An outline of further features that may be provided as part of the IP address manager system is provided below. Some or all of these features may be provided in some embodiments of the system.

[1385] Included or Supported servers/services may include: DNS/DDNS BIND 8.x compliant, DHCP, RADIUS and SNMP.

[1386] Data storage may take the form of relational database support (e.g. Sybase, Oracle or another relational database) or a directory service (LDAP Support) (e.g. NDS, Netscape, University of Michigan or another directory service).

[1387] Data may be imported using, for example, DNS zone files, Unix /etc/host files, BOOTP, User-defined/program-defined system. Similarly, data may be exported using DNS zone files, BOOTP/DHCP, Unix /etc/host files, a user-defined text-based format or a program-defined custom format.

[1388] DHCP services may include: multiple subnets/segment, dynamic DNS update, ping testing before assignment, assign based on MAC address, global templates, template per subnet/by logical group, view active lease information, variable length subnet masks (VLSM), user-to-address mapping, failover DHCP Services, static IP address assignment & reservation, assignment of PC IP addresses based on CM (i.e. access portal) rights, IETF Draft Standard lease query & inverse lease query, support of source verify DHCP to prevent IP address spoofing.

[1389] DNS services may include dynamic DNS, incremental DNS updates, direct DHCP integration, GUI management, BIND forwarder/zone updates, integration of infrastructure db with DNS.

[1390] Management may take place over: web management, Java management tool, native NT management tool, native UNIX management tool, SNMP MIB, Reporting/Reporting Tools.

[1391] Reporting features may include: IP Address by device/object, Reserved objects, Dynamically allocated objects, DHCP server status, By administrator, By domain, By subnet, Audit, User-customizable, Service take-up/churn rate per service per location, IP address statistics per location, IP address statistics history per location, Fault impact analysis with impacted subscribers, CMTS management (flap list, segmentation), Security audit, Automatic TTS creation.

[1392] Remote access may also be provided via, for example, Windows 95/98/NT/W2K clients, HTML/Servlet with XML/XSL, Java applet, Telnet, X-Window.

[1393] Other features of the IP Address manager may include: Centralised IP address management for infrastructure components, Centralised IP address inventory for subscriber address pools, Command line interfaces, Application programming interfaces, Full E2E service monitoring, IP address by subscriber ID (real time), IP address history by subscriber ID, CSR can view real time service status per location, CM management.

[1394] VPN Service Assurance

[1395] A further tool which may be implemented in conjunction with the systems and methods described herein is the Service Assurance (ISA) suite for Virtual Private Networks (VPNs).

[1396] The ISA suite is preferably arranged to monitor the VPN service that is supplied to a user. This service may comprise a number of different VPN technologies, such as Layer 3 MPLS (Multi-Protocol Label Switching), IPSec (IP Security) and Layer 2 MPLS (Martini and Kompella). This may allow the ISA to be integrated easily into existing systems and to work with existing technologies. The service is preferably monitored by monitoring a series of key indicators of the health of the service which is delivered to the user. This may be advantageous over the disjointed prior art systems which use a series of technical alarms generated by numerous network management systems to monitor the systems. The ISA suite may also be used to simulate complex scenarios relating to the delivery of the VPN services and so test VPN service delivery.

[1397] The service assurance aspect may be provided independently or may be integrated with other system components disclosed herein, for example, the ISA may be integrated with a system provisioning tool.

[1398] The architecture of the ISA is preferably modular so that the ISA may be based on a series of modular elements that may work together for the monitoring of the end-to-end performance of VPN services. An overview of one embodiment of the architecture is shown in FIG. 60 in which Customer Edge (CE) Router Managers offer full access to VPN elements, Service Agents monitor VPN services' key features, and the Service Fault Management platform correlates the different OSS elements to simplify the outage resolution from universal graphical frontends.

[1399] A further aspect of the VPN monitoring ISA suite may be I-SEA stand-alone systems (or Agents). The agents are preferably located in the network provider Point-of-Presence (POP) and may be used to test and monitor the VPN services and their provisioning.

[1400] According to one embodiment, the I-SEA redundant principle is based on “round robin” sophisticated scenarios where the features of the created VPN link may be tested and where end-user activity may be simulated.

[1401] According to a preferred embodiment, the agent can test, for example, Provider Edge (PE) and CE links, IPSec tunnels, security, QoS, performance by Class-of-Service and central services (mail, internet access, VoIP, etc). The agent may also be used to monitor management links and services. The agent may also monitor a user's IP service within a VPN and within a wide range of protocols (for example, HTTP, ICMP, SMTP and POP). Agents may be implemented for MPLS and IPSec-based VPNs as well as Layer 2 MPLS (Martini and Kompella). Agents are preferably implemented to run on standard PCs running, for example, a Linux operating system.

[1402] According to a preferred embodiment, network providers can create scenarios based on the Class-of-Services (DiffServ) that are used in the network or that are required by the user.

[1403] The agent may be implemented to monitor that the VPN user has access to the service or services that they are entitled to. Hence the agent may be implemented in a flexible manner. Use of the agents may provide the advantage that Service Level Agreement (SLA) metrics associated with the offered VPN can closely match the proposed services whatever the standardized technology in the network.

[1404] An agent may implement test scenarios in order to test the VPN network and service provision in the network. Preferably, an agent can execute up to 10 scenarios per minute. A web interface may further be provided to offer direct access to manage and create the scenarios.

[1405] As discussed above, the agents may be integrated into existing networks (such as IIP VPN (Itinerant Internet Protocol VPN) networks) and may be added to existing service assurance suites to enhance network monitoring and reporting capabilities.

[1406] According to a preferred implementation of the system, once the MPLS PE-CE link or the IPSec tunnel is provisioned by IIP VPN, the operator can automatically activate its monitoring with the agent. One embodiment of the operation of this process is illustrated in FIG. 61 in which the agent is asked to monitor a new PE-CE link, which allows a Fault Management module to monitor the VPN enhanced by this new link.

[1407] The IIP VPN module may use a template scenario in relation to the provisioning (Class-of-Service, central services etc). In this case, the activation of the agent may be performed in the same seamless workflow. A single agent may be used to monitor multiple VRFs (VPN Routing/Forwarding instances) on a PE. The switch from one VRF to another may be implemented immediately and, preferably, no configuration manipulation on the PE is required.

[1408] According to a further preferable embodiment, for the purpose of local maintenance the reports are accessible from a local web-based interface, the CPE Router Manager or from a third party system such as HP OpenView or Spectrum via SNMP.

[1409] The agents are preferably integrated within the ISA Suite for VPN to allow the alarms to be remotely collected by a Service Fault Manager (ISFM), which is described in more detail below. The ISFM may be used to compile the results from all agents and may provide audit and accounting reports, for example, by VPN domain, by customer, or by site.

[1410] While agents may be used to monitor the performance of the PE and CE links, a centralised module may also be implemented as part of the system to monitor the VPN service as a whole. A key role of the Service Fault Manager (ISFM) is to manage the agents and to compile results from all

[1411] Service Emulation Agents (I-SEA) and deliver a consistent view of the VPN service performance for various purposes. In the VPN services context, ISFM is preferably located centrally and may be used to monitor, for example:

[1412] VPN connectivity, coordinating tests of each PE-CE link to ensure VPN connectivity. ISFM preferably supports full-mesh, hub-and-spoke or mixed topologies.

[1413] VPN network performance, coordinating tests of each PE-CE link (for example delay, packet loss, jitter)

[1414] access to central services like internet access, mail, VoIP gateways etc.

[1415] access to management services

[1416] The ISFM's functions may include:

[1417] View of the VPN service outages, for immediate maintenance actions.

[1418] View of VPN service alarm details (e.g. time, date, subscribers). ISFM may also enable the creation of alarm severity thresholds based on percentage of impacted subscribers, the percentage of impacted gold subscribers, etc.

[1419] Access to alarm specific documentation, e.g. linking up to a Knowledge Management System (KMS). From a service outage, the ISFM may list all the suspected network elements (physical or logical). The KMS, as described herein, links the platform components to relevant documentation (for example, vendor manuals, URL, procedures, test cases/results, engineering documents). It may also be used to link service alarms to the database which preferably provides a full description of each service alarm, a list of recommended actions to be taken by the user (operator, corporate client), and a list of documents related to the service alarm (URL, procedures, engineering documents). Finally, the ISFM may link the component alarms to the database which preferably provides a full description of each component alarm, a list of recommended actions to be

[1420] taken by the user (operator, corporate client) and a list of documents related to the service alarm (URL, procedures, engineering documents etc).

[1421] Performance of audit and report on daily, weekly or monthly periods for SLA per VPN domain, per customer or customer site.

[1422] Display of the list of the impacted subscribers when interfaced with the IP database (or an external database), with details about their Class-of-Service (CoS) and the service they should be granted. This may allow pro-active customer care and prioritized resource allocation.

[1423] When interfaced with Imagine Component Fault Manager (iCFM), ISFM may perform correlation with Component Alarms to identify and short-list the suspected cause of the service outage.

[1424] In one embodiment, ISFM can be interfaced with a Trouble Ticketing system (i.e. Clarify) for the automatic creation of trouble tickets based on the severity of the service alarms.

[1425] The monitoring results are preferably accessible from two types of web-based presentation modules:

[1426] Service Operation Dashboard (SOPs) for the Network or Service provider

[1427] Customer Operation Dashboard (COPs) that may be offered by the network provider to the end user as an enhanced SLA feature. COPs may be implemented to offer direct access to some service assurance reports.

[1428] According to a preferred embodiment, both SOP and COP offer drill-down and graphical views of the VPN and sites, identifying the failing links and elements, for example by colours.

[1429] For full automation of the VPN service provisioning process, the ISFM may be interfaced to IIP VPN. When a PE-CE link is provisioned in IIP, IIP may generate the necessary instruction for the proper I-SEA agent to monitor the new PE-CE link with the right scenario and for ISFM to compile the results of this monitoring in the proper VPN.

[1430] When Service Fault Manager (ISFM) identifies a deterioration or an outage in the VPN services, ISFM may use a Component Fault Manager (ICFM) to shortlist the components potentially involved in the event. The ICFM preferably allows operators to collect and manage all platform component alarms from a single point. Correlation Engines may be used to correlate service alarms with component alarms to determine the component responsible for the failure. ICFM can collect component alarms from any standard industry Element Management Systems (EMS) such as HP OpenView, BMC Patrol, IIP ITO, Micromuse Netcool, Compaq TeMIP, CiscoWorks or OSI NetExpert.

[1431] According to a preferred embodiment, a Java-based Presentation Module provides a sophisticated user interface designed for Network Operators and Administrators (NOPs).

[1432] Types of views available may include:

[1433] Location Explorer View: a graphical view of the platform network.

[1434] Alarm Explorer View: a view that shows the details of VPN services and their component alarms.

[1435] ICFM preferably allows reporting of component outage per vendor, equipment type, location or period and the ICFM preferably interfaces with KMS to help fix the problem.

[1436] A Correlation Engine may further be provided to allow fault and problem management through, for example:

[1437] Correlation from service alarms to component alarms. From a service alarm, the correlation engine may determine the platform components that could be involved in the service outage and get the component alarms of the suspected components from EMS systems.

[1438] Correlation from service alarms to impacted VPN subscribers/users. From a service alarm, the correlation engine may be used to determine the users impacted by the service outage.

[1439] Advanced correlation capabilities that involve an expert system with its rule set. It allows the operator to view only the component alarms that are relevant for the diagnosis.

[1440] The system may further be implemented alongside a CPE router manager, which may offer full access to remote VPN elements information and full access to the inventory database. The CPE router manager can preferably monitor a large range of equipment, namely Cisco, Juniper, Riverstone, Unisphere and Nortel Networks.

[1441] According to a preferable embodiment the CPE router manager monitors the status of CE, PE and P routers of a particular user or VPN providing, for example, user and subscription details, traffic history and on-demand polling. The polling function is preferably customizable, for example a group of selected equipment (i.e. serving the same VPN) can be polled at regular intervals for specified durations. The CPE router manager is preferably integrated with the ICFM and may allow remote debugging and fixing of faults, which may significantly reduce the lead time for outage resolution.

[1442] A VPN Network Manager may also be provided to monitor, report and generate alarms for MPLS and IPSec network performances. The VPN Network Manager may operate by polling the groups of physical and logical equipment on customized periods and duration. According to a highly preferable feature, the VPN Network Manager may be integrated with the IIP VPN. When a new PE-CE link is provisioned and activated via IIP VPN, the VPN Network Manager may be automatically updated with this addition. The VPN Network Manager may then poll this new link for the metrics that have been defined for the VPN. The VPN Network Manager preferably monitors metrics specific to MPLS and IPSec technologies, as well as metrics common to the two, like memory and CPU usage.

[1443] For MPLS VPN services, VPN Network Manager is preferably arranged to poll the performance of the VPN network, for example per network equipment (physical or logical), per CE-PE routes and for the entire VPN. For each of these scopes some or all of the following metrics may be monitored: Jitter, Delay, Packet loss, Throughput, VRF availability. The VPN Network Manager may also monitor Quality-of-Service (QoS) metrics as traffic management, policy and Class-of-Service (CoS) split per equipment or VPN.

[1444] For a given VRF, the VPN Network Manager preferably also monitors traffic shaping and congestion with standards such as Generic Traffic Shaping or Frame Relay Traffic Shaping (providing history for queuing). The VPN Network Manager may also monitor the policy performance based on CAR and D-CAR.

[1445] In order to anticipate outages on the PE-CE links and based on DiffServ standards (RFC 2597 (AF), RFC 2598 (EF), RFC 2474 & 2475 (DSCP) and RFC 791), the VPN Network Manager preferably also provides statistics about the different Class-of-Services. This may be done, for example, per VRF, for reallocation of the workload, per CE, PE, P routers for creation of alternation links, per site, per VPN or per customer.

[1446] The VPN Network Manager may be arranged to monitor the network performance per CoS. The VPN Network Manager is preferably also designed to accommodate customized CoS, in particular those that are based on the DiffServ Standards.

[1447] IPSec MPLS VPN Services may be used in tunnel mode, which may allow the monitoring of metrics such as Jitter, Delay, Packet loss, Throughput and CE availability, for each of the created IPSec tunnels.

[1448] The VPN Network Manager is preferably implemented with a web-based interface with drill-down logical and physical network views for, for example, hourly, daily, monthly and yearly views. The views may be used to show the current situation and history for the provider administrative domain, the POP, the PE routers, the interfaces and the sub-interfaces. Due to its preferable VPN auto-discovery capabilities, the VPN Network Manager may also show the details for the customer VPN.

[1449] According to a further preferable feature, the VPN Network Manager may allow operators to define alarm generating thresholds for each of the monitored metrics. The monitoring reports may then be used by a Configuration Fault Manager for component fault isolations and by a Service Fault Manager for service fault isolation.

[1450] A Service Level Agreement (SLA) Manager may also be implemented as part of the system described above and may be used to measure customizable Key Performance Indicators (KPIs) and compare them with targeted VPN KPIs.

[1451] Major VPN service KPIs include:

[1452] Availability time for each service provided to users within the VPN. These services include Internet Access, mail, access to database or selected extranet sites, chat and Video-conferencing etc.

[1453] The service may be monitored per VPN, per PE-CE link (or IPSec tunnel), per location, per period (month, year).

[1454] The SLA manager may provide details about, for example:

[1455] The occurrence of service outage per service, per location or per period.

[1456] Performance of each VPN service (Response time, Bandwidth, QoS) per location or per period.

[1457] Time to repair after notification from the user, per severity of outage.

[1458] A comparison of the measured KPIs with targeted KPIs may be performed for each customer under a SLA. The SLA Manager preferably monitors and shows the KPI violation, identifies the time to fix a failure before the violation of the SLA and provides details about the remaining ‘service non-availability’ budget. The SLA Manager preferably orders the Service alarms based on, for example, the risk of KPI violation and penalties incurred, which may limit the risks of creating unreachable KPIs. According to a further feature, violation of the SLAs can be notified to the customer account manager and the customer by mail or web server notification. SLA reports can be generated for use in Crystal Reports or through a web interface.
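The ‘service non-availability’ budget, the time left to fix an ongoing outage, and the risk ordering of paragraph [1458] can be worked through as below. This is an added example, not code from the patent; the customers, availability targets and outage times are constructed, and overlapping outage reports (for instance from two agents seeing the same failure) are merged so that downtime is not counted twice.

```python
PERIOD_S = 30 * 24 * 3600      # assumed 30-day reporting period, in seconds
NOW_S = 50_300                 # assumed "current time", seconds into the period

# Constructed data: customer -> (availability target in ppm, outage intervals).
# An outage with end=None is still ongoing.
CUSTOMERS = {
    "cust-a": (999_000, [(1000, 1600), (1500, 2100), (50_000, None)]),
    "cust-b": (995_000, [(200, 5200), (50_100, None)]),
    "cust-c": (999_000, [(0, 3000)]),
}


def merge(intervals):
    """Merge overlapping (start, end) intervals so downtime counts once."""
    merged = []
    for start, end in sorted(intervals):
        if merged and start <= merged[-1][1]:
            merged[-1][1] = max(merged[-1][1], end)
        else:
            merged.append([start, end])
    return merged


def sla_status(target_ppm, outages, period_s=PERIOD_S, now=NOW_S):
    """Budget, consumption and time-to-fix for one customer's SLA."""
    # Integer arithmetic: allowed downtime for the period, in seconds.
    budget = period_s * (1_000_000 - target_ppm) // 1_000_000
    ongoing = any(end is None for _, end in outages)
    closed = [(s, now if e is None else e) for s, e in outages]
    used = sum(e - s for s, e in merge(closed))
    remaining = budget - used
    return {
        "budget_s": budget,
        "used_s": used,
        "remaining_s": remaining,
        "violated": remaining < 0,
        # Seconds an ongoing outage may last before the SLA is violated.
        "time_to_fix_s": max(remaining, 0) if ongoing else None,
    }


def order_alarms(customers, period_s=PERIOD_S, now=NOW_S):
    """Customers with an ongoing outage, closest to violation first."""
    rows = []
    for name, (target_ppm, outages) in customers.items():
        status = sla_status(target_ppm, outages, period_s, now)
        if status["time_to_fix_s"] is not None:
            rows.append((status["time_to_fix_s"], name))
    return [name for _, name in sorted(rows)]


if __name__ == "__main__":
    for name, (target, outages) in CUSTOMERS.items():
        print(name, sla_status(target, outages))
    print(order_alarms(CUSTOMERS))
```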

[1459] A summary of some advantages of the ISA Suite for VPN is provided below:

[1460] A network operator can access a unique and immediate view of the service delivered to the network user.

[1461] The ISA suite provides seamless integration with pre-existing Provisioning Suites for VPN.

[1462] The ISA suite removes complexity from the OSS and from VPN service assurance, providing fast access to critical information: impacted customer listings for pro-active customer care actions, service to component correlation for short-listing of the suspected failing elements and immediate access to the necessary documents.

[1463] ISA Suite for VPN reduces the VPN network complexity with context-sensitive help and views of the service delivered to the user. ISA Suite for VPN interfaces with the most popular OSS and Network Management systems.

[1464] The ISA suite allows fast remote diagnosis since it allows remote access to the PE and CE and P routers in the VPN and also provides a wide range of tools supporting a large range of vendor equipment, protocols, standards and technologies.

[1465] Flexible and Scalable deployment scenarios may be implemented and a suite of stand-alone agents may be positioned at critical points in the network. The ISFM may further offer customizable Front-Ends for customer self-care, service provider, network provider with granular rights and full integration of legacy systems.

[1466] The Configuration Manager

[1467] The methods and systems described herein may further be implemented in conjunction with a configuration manager, which may be implemented to automate the configuration steps for providing services to users in a broadband network whilst maintaining flexibility in the configuration process and adapting to future evolution in the broadband environment.

[1468] According to a preferred embodiment, the Configuration Manager simplifies all the configuration steps to a command sentence from a Verb/Entity/Attributes (VEA) language. The VEA language provides a grammar which applies a verb on an entity, and qualifies a verb with an attribute. According to a preferred embodiment, the entity is the equipment, the verb is the action and the attribute is the configuration parameter set. Use of the VEA language reduces the risk of configuration errors in the configuration process. The entities, verbs and attributes are preferably dependent on the provider and module in use (i.e. MPLS or IPSec). Each module may be provided with a vocabulary description or dictionary and each backend preferably has a well-defined interface that is coupled with a dictionary. The dictionaries may also be enhanced with new ‘entities’ (i.e. equipment), new ‘verbs’ and ‘attributes’ (i.e. new protocols).

[1469] The configuration manager may also be provided with a template library, which classifies the templates in association with the hardware platform, the software version, the functionalities and the context. The templates can be created from multiple sources, for example MS Excel spreadsheets, manual entry or the IIP VPN module. The template library may allow replication of the configuration to many devices, or to the same device multiple times.

[1470] An example of the operation of one embodiment of the configuration manager is provided below. When the operator provisions a VPN element, preferably using the VEA syntax, the Configuration Manager automatically selects the correct template from the template library, calls the necessary information about the impacted equipment from an Inventory Manager, creates the proper un-do actions and generates the new configlet. The Configuration Manager may then notify the operator, who visualizes the changes and commits the action, requesting the Configuration Manager to deploy the new configuration to the group of devices using various methods like telnet, tftp, ftp, SNMP, and others. The Configuration Manager then preferably audits the deployment and provides a selection of potential remedies when errors are identified. Once deployed, Configuration Manager may save and edit the version of the new configuration. Preferably, the Configuration Manager can be emulated by the IIP VPN scheduler for ‘just-in-time’ configuration.
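The dictionary-checked VEA sentence, template selection and un-do generation of paragraphs [1468] to [1470] can be illustrated as follows. This is an added example, not the patent's own code: the patent does not give the VEA syntax, so the `verb entity key=value` form, the dictionary contents and the configlet templates are all assumptions. Validating every attribute value against the dictionary before it reaches a template is what keeps an operator-supplied value from smuggling extra configuration lines into the configlet.

```python
import re
import shlex

# Hypothetical dictionary for one module: (verb, entity) -> attribute -> pattern.
DICTIONARY = {
    ("add", "vrf"): {
        "name": r"[A-Za-z0-9_-]{1,32}",
        "rd": r"\d{1,10}:\d{1,10}",
    },
    ("remove", "vrf"): {"name": r"[A-Za-z0-9_-]{1,32}"},
}

# Hypothetical template library: (verb, entity) -> (configlet, un-do configlet).
# The un-do of a removal needs the prior state from the inventory, so none here.
TEMPLATES = {
    ("add", "vrf"): ("ip vrf {name}\n rd {rd}", "no ip vrf {name}"),
    ("remove", "vrf"): ("no ip vrf {name}", None),
}


class VEAError(ValueError):
    """Raised when a sentence is not valid under the module dictionary."""


def parse_vea(sentence):
    """Split 'verb entity key=value ...' and validate it against DICTIONARY."""
    tokens = shlex.split(sentence)
    if len(tokens) < 2:
        raise VEAError("a sentence needs at least a verb and an entity")
    verb, entity = tokens[0].lower(), tokens[1].lower()
    allowed = DICTIONARY.get((verb, entity))
    if allowed is None:
        raise VEAError(f"'{verb} {entity}' is not in the dictionary")
    attrs = {}
    for token in tokens[2:]:
        key, sep, value = token.partition("=")
        if not sep or key not in allowed:
            raise VEAError(f"unknown attribute: {key!r}")
        if key in attrs:
            raise VEAError(f"attribute given twice: {key!r}")
        # fullmatch: the whole value must fit, so newlines or spaces are refused
        if not re.fullmatch(allowed[key], value):
            raise VEAError(f"invalid value for {key!r}")
        attrs[key] = value
    missing = sorted(set(allowed) - set(attrs))
    if missing:
        raise VEAError(f"missing attributes: {missing}")
    return verb, entity, attrs


def build_configlet(sentence):
    """Return the configlet and its un-do action for a valid sentence."""
    verb, entity, attrs = parse_vea(sentence)
    do_tpl, undo_tpl = TEMPLATES[(verb, entity)]
    return {
        "do": do_tpl.format(**attrs),
        "undo": undo_tpl.format(**attrs) if undo_tpl else None,
    }


def accepts(sentence):
    """True if the sentence passes dictionary validation."""
    try:
        parse_vea(sentence)
        return True
    except ValueError:           # VEAError, or unbalanced quotes from shlex
        return False


if __name__ == "__main__":
    print(build_configlet("add vrf name=cust-a rd=65000:10"))
    print(accepts('add vrf name="x\n no ip vrf other" rd=1:1'))
```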

[1471] FIG. 62 illustrates one embodiment of the architecture of the Configuration Manager and the integration of the Configuration Manager into a VPN provisioning network.

[1472] VPN Provisioning

[1473] A further aspect of the provisioning methods and systems disclosed herein may be the provisioning of VPN services. Advantageously, the VPN provisioning system described herein is vendor-agnostic and enables central or distributed end-to-end VPN provisioning from a single front-end.

[1474] The VPN provisioning system (IIP VPN) may be implemented as a stand-alone system, but is preferably implemented with other systems and tools described herein. FIG. 63 illustrates how the VPN provisioning system may be incorporated into a network according to one embodiment of the systems and methods described herein.

[1475] According to a preferable embodiment, IIP VPN automates the end-to-end process of provisioning customer, service and management MPLS and IPSec VPNs regardless of the routing equipment in the network.

[1476] According to a preferred embodiment, the IIP VPN operates as outlined below: the IIP VPN receives the business service requests from the operator's CRM or from the network provider's IIP VPN front-end. The operator provisions the PE-CE links or tunnels and the associated Quality-of-Service (QoS) level by completing assisted fields. It then deploys the configurations that activate the new MPLS and IPSec VPN service.

[1477] Preferably, the IIP VPN can preferably check the CE/PEconfiguration by executing a static audit. It can also generate an I-SEAagent scenario that will test the full VPN service, for example testingthe links, the QoS and the security. ‘Just-in-time’ activation of theVPN services may be provided by scheduling the download or upload of theconfigurations to the CE or the PE. A record of the actions ispreferably maintained by OSS database, which may allow roll-back or undoof the configurations.

[1478] A Software Development Kit (SDK) may allow the network providerto offer web-based, user-friendly interfaces to service providers or toend users for self-activation. It may also keep direct access to the CLIfor batch edition.

[1479] According to a further preferred feature, IIP VPN fullyintegrates with the network provider's systems for billing and customermanagement and may further be provided with reporting capabilities,which may include graphical views of the VPN, status and metrics reportswhich are useful in meeting Service Level Agreement (SLA) targets.

[1480] IIP VPN is preferably built around a modular IIP infrastructure.Some or all of the following elements may be used to enable MPLS andIPSec VPN seamless provisioning:

[1481] The IP VPN SDK

[1482] The IIP VPN SDK allows flexibility in creating automated configlet templates to be used for provisioning, for example PE-CE (Provider Edge—Customer Edge) links and the QoS definition for MPLS VPN, the IPSec tunnel endpoints, the security and authentication methods. The flexibility is achieved by allowing a network operator to independently design the automation of its provisioning workflow and the alteration of PE/CE configlets. This may allow a system in which no re-compilation of the application is necessary, unlike in prior art automated provisioning systems. This may allow the network provider to keep to its current provisioning workflow and to

[1483] independently plan its evolution.

[1484] Templates from OSS and BSS systems are preferably used to limit the number of necessary actions in the provisioning and to automatically complete the maximum number of parameters in the configlet.

[1485] Three scenarios that may occur while creating a new configlet template are discussed below by way of example.

[1486] 1. The change is made to the configlet template and does not imply any change to the parameters; for example, this may be the case for NTP and SNMP. In this case, the network engineer may save the changes in a template library, which allows the IIP VPN to provision these devices with the updated configlets in an automated way. In this scenario, only the network engineer is needed to make the modifications; no additional expertise is required.

[1487] 2. In the second scenario, the network provider can decide:

[1488] to adapt its provisioning workflow; the network operator may decide to add a QoS provisioning step in the workflow, reflecting an enhancement of its commercial offer.

[1489] to manually modify a parameter in the configlet; it can be a change of the IP address or a new RT.

[1490] As in the previous scenario, the network engineer can modify the configlet template. The IIP VPN administrator may then update the IIP VPN VEA dictionary and the IIP VPN back-end may be stopped and restarted to have the modifications activated for the future automated provisioning. In this case again, the network provider can evolve its configlet library with limited expertise required.

[1491] 3. In the final scenario, the network provider uses parameters that are generated by an algorithm. It can be, for example, an IKE hash algorithm for tunnel endpoints authentication for

[1492] IPSec VPN. The network provider may then use the SDK to implement the new “methods” used by the IIP VPN VEA dictionary to automatically retrieve the new parameters. The network engineer may create the new configlet template and the administrator may update the IIP VPN VEA dictionary with the new methods. The IIP VPN back end may then be stopped and restarted to activate the changes. The network provider has the capability to independently complete this task using its own Java specialist who has been trained on the IIP VPN SDK.

[1493] As shown in the examples above, the network provider has the independence to evolve its provisioning automation process with very limited dedicated expertise resources, without complexity, and in a very short timeframe.

[1494] The IIP VPN SDK is preferably provided with a template library. Preferably, by means of the IIP VPN SDK, the network provider can independently organize the template library according to the scope of the template's use. The template library may be used as a repository for predefined configlets. According to a preferred embodiment, the library is based on a drill-down tree structure and reflects the following organization:

[1495] Site

[1496] Client

[1497] VPN

[1498] Operator Site

[1499] Operator Network

[1500] All operators

[1501] This structure can preferably be customized to ease the retrieval and use of the configlets for specific deployment purposes.

[1502] A Verb Entity Attributes (VEA) Dictionary may also be deployed as part of the provisioning system. According to a preferred embodiment, the IIP VPN VEA dictionary contains four major functions:

[1503] The Creation function addresses the MPLS backbone (Traffic Engineering).

[1504] The Provisioning function is usually divided into the following 3 steps but the network provider can create additional steps to reflect its service creation workflow:

[1505] 1. The pre-provisioning of the PE and CE

[1506] 2. The provisioning of the VPN

[1507] 3. The provisioning of the QoS

[1508] For IPSec VPN provisioning, the steps preferably include:

[1509] 1. Traffic flow selection

[1510] 2. Choice of the security parameters

[1511] 3. Choice of the VPN topology and selection of the endpoints authentication methods

[1512] When pre-provisioning a PE or a CE, the right configlets should be used or instantiated for editing of the parameters. When the creation of a new configlet template is necessary because of the evolution of the VPN service offer or because of the technology, the configlet may then be saved into the VEA dictionary for future use. This process optimizes the automation of the provisioning and gives flexibility to enrich the VEA library with additional configlet templates.

[1513] The Inventory function may provide static views of the VPNs and PE/CE equipment per Customer, per VPN, or per site.

[1514] The Reporting function may provide SLA oriented information about the VPNs, the CE/PE, and the provisioning dates. This reporting function preferably interfaces with the I-SEA Suite for MPLS and with Cisco SAA to report about the VPN service provisioning performance.

[1515] In addition to the IIP VPN Configuration Manager and SDK, other modules may be solicited in the provisioning flow.

[1516] A further element that may be used in MPLS and IPSec provisioning is the EB OSS Database.

[1517] The OSS database may be used to model the network and systems infrastructure and maintain the configurations of the CPE, the customer and user information and the service details. The database is preferably implemented as a high availability database, may be based on Oracle and preferably follows the ITU M3100 recommendations for redundancy and data integrity. It preferably works in an active-active mode and offers a full back-up, recovery for ‘instances’ and data protection. FIG. 64 illustrates one embodiment of the OSS database with the high availability cluster in active-active mode.

[1518] Inventory Manager

[1519] IIP VPN preferably uses the inventory capabilities of an Inventory Manager. The Inventory Manager's primary role is to monitor the availability of the CE, PE and P routers and their configurations, in order to support the link or tunnel creation. The SDK may collect information, such as that outlined below, from the Inventory Manager:

[1520] Physical and logical inventory of the network elements

[1521] Configuration inventory of existing VPNs

[1522] IP Routing used

[1523] Capacity: PE and CE interfaces, VRF capacity per PE.

[1524] Location and topology information

[1525] QoS

[1526] In the context of Layer 2 MPLS VPN, the Inventory Manager preferably collects the PE and the CE endpoints configuration (CE ID, CE range, logical circuits, node colours and role).

[1527] The IIP VPN provisioning system is preferably implemented in conjunction with an IP Address Manager, which is described in more detail herein. IIP VPN may use the IP Address Manager to get the PE, CE, P router IP addresses, and the subnets in the network. Specifically for MPLS VPN, the IP Address Manager preferably also provides:

[1528] the Route Distinguishers (RD) and Route Targets (RT) current assignments

[1529] BGP Autonomous Systems Network elements

[1530] The routing context of VPNs

[1531] The VRF routing tables

[1532] For IPSec VPN, the IP Address Manager preferably provides:

[1533] The subnets details for identifying the traffic that will be protected.

[1534] The IP Address of the equipment that will serve as tunnel endpoints.

[1535] The IIP VPN is preferably also implemented in conjunction with a Configuration Manager, which may be used to create, add and edit the configlets per MPLS or IPSec domain. The Configuration Manager may also create the RD and the RT and configure the VRFs. For IPSec VPN provisioning, Configuration Manager preferably leverages a system such as Cisco's IOS to select the traffic flows. It may then edit the security parameters (IPSec and IKE), the VPN topology, the authentication methods (e.g. pre-shared keys or PKI) and apply them to the CEs. All common IPSec and IKE security algorithms are preferably supported by IIP VPN and Configuration Manager preferably negotiates new keys regularly and provides authentication services.

[1536] According to a preferred embodiment, the Configuration Manager allows multi-device and multi-vendor configuration in one step, for example Cisco IOS PE and CE, Cisco VPN 3000/5000, Juniper and Nortel PE/CEs. The Configuration Manager preferably uses the VEA (Verb Entity

[1537] Attributes) language, which may be used to simplify the configlet creation. With the VEA, the operator uses a simple syntax for editing the configlet. However, the use of the VEA does not prevent the operator from immediately accessing the Command Line Interface (CLI), which may be useful for editing batches.

[1538] Once created, the configlets can preferably be downloaded to the VPN network elements via multiple technologies, for example TFTP, Telnet or FTP.

[1539] The Configuration Manager preferably provides a scheduler feature which may allow ‘just-in-time’ provisioning and activation of the VPN and planning capabilities. In the context of Managed Network Services, where the service provider delivers the CE to the customer, the scheduler may allow automatic activation of the service. The scheduler preferably also limits the necessary operator actions when BGP dampening parameters are configured in the CE or the PE.

[1540] According to a further preferable feature, the Configuration Manager may also enable static audits of the configuration. These static audits may be used to check that the configuration of the router has not been modified during the ‘instantiation’. The Configuration Manager preferably also provides a repository for the configlets allowing roll-back and undo of the configlets. The roll-back action can be associated with the scheduler.
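
The configlet life cycle described in [1470] and [1540] (instantiate a template, prepare the undo actions, then statically audit the device against the stored configlet) can be illustrated as follows. This is an added example, not code from the system described here: the template format, parameter names and sample configurations are assumptions constructed for illustration, with Cisco IOS-style VRF commands used as the configlet content.

```python
from string import Template

# Hypothetical template format: (header, child lines, created).
# created=True means the header is new on the device, so undo removes the
# whole block; created=False means the object pre-exists (an interface) and
# undo only negates the lines the configlet added.
PE_VRF_TEMPLATE = [
    ("ip vrf $vrf",
     ["rd $rd", "route-target export $rt", "route-target import $rt"], True),
    ("interface $ifname",
     ["ip vrf forwarding $vrf", "ip address $pe_ip $mask"], False),
]

# Constructed sample parameters (documentation address range, private AS).
SAMPLE_PARAMS = {"vrf": "CUST_A", "rd": "65000:10", "rt": "65000:10",
                 "ifname": "Serial0/0", "pe_ip": "192.0.2.1",
                 "mask": "255.255.255.252"}

# Constructed running configuration that has drifted from the configlet:
# an extra route-target import was added and the VRF binding was removed.
DRIFTED_RUNNING = """
ip vrf CUST_A
 rd 65000:10
 route-target export 65000:10
 route-target import 65000:10
 route-target import 65000:99
!
interface Serial0/0
 description link to CE
 ip address 192.0.2.1 255.255.255.252
!
"""

def render(template, params):
    """Instantiate a template; a missing parameter raises KeyError."""
    return [(Template(h).substitute(params),
             [Template(c).substitute(params) for c in children], created)
            for h, children, created in template]

def to_cli(configlet):
    """Flatten a configlet into the lines that would be sent to the device."""
    lines = []
    for header, children, _ in configlet:
        lines.append(header)
        lines.extend(" " + c for c in children)
    return lines

def undo_actions(configlet):
    """Build the roll-back configlet, undoing the last block first."""
    lines = []
    for header, children, created in reversed(configlet):
        if created:
            lines.append("no " + header)
        else:
            lines.append(header)
            lines.extend(" no " + c for c in reversed(children))
    return lines

def parse_running(text):
    """Group an indented IOS-style configuration into {header: [children]}."""
    blocks, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0].isspace():
            if current is not None:
                blocks[current].append(raw.strip())
        else:
            current = raw.strip()
            blocks.setdefault(current, [])
    return blocks

def static_audit(configlet, running_text):
    """Compare the device configuration with the stored configlet.

    Lines missing from any block are reported; extra lines are reported only
    inside blocks the configlet created, since pre-existing objects may
    legitimately carry other settings (a description, for instance).
    """
    running = parse_running(running_text)
    findings = []
    for header, children, created in configlet:
        if header not in running:
            findings.append(("missing-block", header, None))
            continue
        have = running[header]
        findings.extend(("missing-line", header, c)
                        for c in children if c not in have)
        if created:
            findings.extend(("unexpected-line", header, c)
                            for c in have if c not in children)
    return findings

if __name__ == "__main__":
    configlet = render(PE_VRF_TEMPLATE, SAMPLE_PARAMS)
    print("\n".join(to_cli(configlet)))
    print("\n".join(undo_actions(configlet)))
    for finding in static_audit(configlet, DRIFTED_RUNNING):
        print(finding)
```

In the drifted sample the audit reports the extra route-target import, which would pull another VPN's routes into this VRF, and the missing VRF binding on the interface.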

[1541] The front-ends of the IIP VPN according to one embodiment are described below.

[1542] The web-based front-ends may be built and customized from a front-end SDK and may be connected to one or multiple back-ends.

[1543] Three kinds of front-ends are usually defined:

[1544] A Network Provider front-end

[1545] A Service Provider front-end; when the VPN service is not delivered by the network provider

[1546] A Customer front-end; offering self-provisioning capabilities.

[1547] Each of these front-ends can preferably be customized to allow different levels of access and rights. By means of the SDK, the network provider can preferably develop the screens and the flows, to reflect the rapid changes in the offering or infrastructure. The front-ends are the interfaces for accessing the graphical views of the VPNs, which may include:

[1548] CPE to CPE tunnels for IPSec VPNs.

[1549] PE and CE views or CE to CE views for MPLS VPNs

[1550] The GUI Command Line Interface is preferably accessible from the front-ends for the creation of batches.

[1551] I-SEA Suite for VPN

[1552] The IIP VPN is preferably implemented in conjunction with agents, which may be used to test and monitor VPN services. The agents are also described herein in more detail. The I-SEA agent preferably executes a “round robin” scenario where the features of the created VPN may be tested. The agent can preferably test, for example the PE and CE links and tunnels, the security, the QoS, the performance by Class-of-Service and the central services (such as mail, internet access, VoIP, etc). It may also be used to monitor the management links and services. A single I-SEA agent can be used to monitor multiple VRFs on a PE. The switch from one VRF to another is preferably immediate and operation on the PE is not required. The I-SEA agent preferably also offers a web interface for direct access and creation of the scenario.

[1553] The alarms may be collected by a Service Fault Manager (also described in more detail herein) which may be used to compile the results from all I-SEA agents and provide audit and accounting reports. The reports are preferably accessible from two web-based interfaces for customer operation and service operation.

[1554] The IIP VPN system is preferably implemented in conjunction with a Component Fault Manager for MPLS.

[1555] The Component Fault Manager preferably collects and manages all platform component alarms (for example, Micromuse, HP ITO, Compaq TeMIP, BMC Patrol). The Component Fault Manager is preferably associated with the Service Fault Manager and may be used to correlate the service and component alarms to identify the failing component. A Java-based presentation module preferably provides a sophisticated user interface designed for Network Operators and Administrators (NOPs).

[1556] MPLS Network Manager

[1557] The MPLS Network Manager, if required, can be used to monitor the traffic engineering of the VPNs.

[1558] One example of an MPLS VPN Provisioning Flow is described in the numbered steps below.

[1559] 1. The network engineer creates a new Business Service Request (BSR) for a customer, describes it and assigns it to an operator.

[1560] 2. The operator creates a new site for the customer.

[1561] 3. The operator initiates the PE-CE link provisioning by selecting the parameters from the pre-documented fields.

[1562] 4. The operator executes a visual check of the created configlet and saves it.

[1563] 5. The operator selects the L3 parameters, executes a visual check and saves it.

[1564] 6. The new configuration can then be manually submitted.

[1565] 7. Alternatively, the new configuration can be automatically submitted from the GUI.

[1566] 8. The operator then runs the static audit of the configuration.

[1567] 9. The operator adds a VPN to the PE-CE link that he has created. He visually checks the new configlet.

[1568] 10. The operator enters the routing parameters, operates a visual check, and saves the parameters.

[1569] 11. The operator enters the QoS parameters, for example traffic marking, congestion avoidance and class-of-service.

[1570] 12. He operates a visual check, submits the configuration to the PE and CE and runs a static audit. The VPN is ready.

[1571] 13. The operator can request a report for the new specific VPN. He will access the details of the PE and CE elements which belong to the VPN.

[1572] The IIP VPN is preferably designed to be multi-technology compliant and is preferably based on the well-established IETF standard RFC 2547 Bis for MPLS-based VPN, and the following routing protocols: RIP v2, BGP, Multi-protocol BGP (BGP-MP), Static routing and OSPF. IIP VPN can preferably provision IPSec-based VPN and automate the provisioning of IPSec tunnels encapsulation into MPLS VPN, a configuration that is well adapted to LAN-to-LAN VPN services. In addition to ATM and Frame-Relay, IP VPN preferably supports a large range of Layer 2 technologies, such as PPP, DSL, Optical Ethernet and HFC. IIP VPN is preferably designed to be vendor-agnostic. In particular, because of its flexible template editing capabilities, IIP VPN can activate MPLS VPN services on a large range of routing equipment, such as the Cisco Systems, Juniper Networks and Riverstone Networks portfolios. This compliance makes IP VPN particularly suitable for use in MPLS VPN service provisioning in heterogeneous networks.

[1573] IIP VPN can preferably be implemented to provision any kind of VPN topology, for example: full-mesh, hub & spoke or partial-mesh VPNs for extranet applications. IIP VPN may provision one or multiple PE-CE links, managing the attributes of the BGP routing protocol. This may allow, for example, the following connectivity patterns:

[1574] A CE single-homed and non-redundant as connected to one PE interface.

[1575] Two CE dual-homed with HSRP on one PE interface.

[1576] Two physical interfaces on a CE interfacing to two PEs offering partial redundancy.

[1577] Two CE dual-homed with HSRP on two PEs offering full redundancy.

[1578] In addition, IIP VPN may provision ISDN redundancy solutions for single-homed, non-redundant configurations.

[1579] Quality-of-Service Provisioning:

[1580] In order to address the need for tiered VPN links, IIP VPN may further enable the provisioning of QoS features associated with PE-CE links.

[1581] Class-of-Service (CoS):

[1582] In an MPLS environment, the CoS is enforced on both the PE and the CE. IIP preferably uses imported ACL for defining and applying multiple traffic classes per subscriber or defining QoS profiles with pre-defined CoS allocation. In this case there is preferably one QoS profile per subscriber. With the imported ACLs, IIP VPN may offer a user flexible requirements and preferably complies with DiffServ's CoS standards: RFC 2597 (AF), RFC 2598 (EF), RFC 2474 & 2475 (DSCP) and RFC 791.

[1583] Traffic Shaping and Congestion Management:

[1584] In order to complement the CoS capabilities, MPLS IIP VPN preferably handles the traffic shaping configurations by configuring the PE or the CE egress interfaces and marking the traffic with D-WRED and Generic Traffic Shaping (GTS). IIP VPN preferably handles Frame Relay Traffic Shaping (FRTS) for Frame-Relay with the associated queue management protocols WFQ, CBWFQ, custom queuing (CQ), priority queuing (PQ), PQ-CBWFQ (LLQ) and the non-Frame Relay specific Generic Traffic Shaping (GTS) associated with complementary Frame Relay traffic shaping protocols: Forward Explicit Congestion Notification (FECN) and Backward Explicit Congestion Notification (BECN).

[1585] Policing:

[1586] As for traffic shaping, IIP VPN may configure the PE or the CE egress interface with policing configuration. IIP VPN preferably uses Committed Access Rate (CAR) and Distributed Committed Access Rate (DCAR) protocols.

[1587] As a further feature of a preferred embodiment, the IIP VPN can provision Layer 2 MPLS VPNs following the IETF drafts ‘Martini’ and ‘Kompella’. Leveraging ‘Kompella’ auto-discovery capabilities (BGP-MP) and Inventory Manager, IIP VPN preferably identifies the membership set of the VPN context and processing intended to receive the new VPN information. The Inventory Manager may then collect the topology information; the details related to the endpoints connectivity and the ‘reachability’ (VPN routes in the VPN space) that may be used by IIP VPN.

[1588] IIP VPN uses ‘Kompella’ CE indexation membership scheme which includes, for example:

[1589] The VPN ID

[1590] The CE ID

[1591] The CE range, the number of CE within the VPN

[1592] The Logical Circuits (e.g. DLCI or VLAN)

[1593] The node colour that has to be shared for connectivity

[1594] The role (Hub or spoke)

[1595] The L2 MPLS VPN provisioning preferably follows the L3 MPLS VPN workflow. IIP VPN preferably provisions the logical circuit, the node colour and the role of the CE. These ‘connectivity’ parameters preferably serve a similar purpose to LDP signalling in L3 MPLS VPN. The colour of the node and the role of the CE parameters preferably permit VPN topologies other than full-meshed. The provisioning workflow is easily adapted to the L2 MPLS VPN provisioning requirements with the IIP VPN SDK.

[1596] IPSec VPN

[1597] In the context of IPSec VPN provisioning, IIP VPN may be used to provision IPSec services and may be used in particular, but not exclusively, to provision services with the following two protocols:

[1598] Authentication Header (AH), RFC 2402

[1599] Encapsulating Security Payload (ESP), RFC 2406

[1600] Using the AH protocol, IIP VPN can provision IPSec VPN using MD5-HMAC and SHA-1-HMAC authentication algorithms. Using the ESP protocol, IIP VPN can provision IPSec VPN using 56-bit DES, 3DES and should support Advanced Encryption Standard (AES). It may also provision authentication configlets using Blowfish.

[1601] IIP VPN can preferably accommodate the different modes of IPSec:

[1602] Tunnel Mode for passing security gateways when the destination host doesn't support IPSec, as the IP packet is encapsulated into AH or ESP and then headed with a new IP header.

[1603] Transport Mode where the AH or ESP is placed after the IP header.

[1604] For authentication and key management, IIP VPN preferably allows manual keying or the use of IKE with the following mechanisms:

[1605] Pre-shared keys where the operator manually enters the same key on each peer.

[1606] Encrypted nonces where the asymmetric key is generated on a peer, collected by IIP VPN and copied to the other peers.

[1607] Digital certificates where the key is generated by the certificate authority (CA) and pre-fed into IIP VPN.

[1608] IIP VPN preferably also provides the necessary templates for the automation of the IPSec VPN configlet editing.
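
A provisioning front-end can screen IPSec requests built from the protocols, algorithms and keying mechanisms listed in [1598] to [1607] before any configlet is generated. The following is an added example, not part of the described system: the request fields, the review policy and the sample batch are assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Assumed review policy (this example's choice, not taken from the page).
REJECT_ENC = {"des"}         # 56-bit key, within brute-force reach
WARN_ENC = {"3des"}          # 64-bit block cipher, AES preferred
WARN_INTEGRITY = {"md5-hmac"}
MIN_PSK_LEN = 20             # characters; assumed minimum for pre-shared keys

# Constructed batch of tunnel requests (documentation address ranges).
SAMPLE_BATCH = [
    {"name": "hq-branch1", "peers": ("192.0.2.1", "198.51.100.1"),
     "protocol": "esp", "encryption": "des", "integrity": "md5-hmac",
     "mode": "tunnel", "keying": "ike-psk", "psk": "Spring2003"},
    {"name": "hq-branch2", "peers": ("192.0.2.1", "203.0.113.1"),
     "protocol": "esp", "encryption": "3des", "integrity": "sha1-hmac",
     "mode": "tunnel", "keying": "ike-psk", "psk": "Spring2003"},
    {"name": "hq-dc", "peers": ("192.0.2.1", "203.0.113.9"),
     "protocol": "esp", "encryption": "aes", "integrity": "sha1-hmac",
     "mode": "tunnel", "keying": "ike-cert"},
    {"name": "mgmt", "peers": ("192.0.2.1", "203.0.113.20"),
     "protocol": "ah", "integrity": "sha1-hmac",
     "mode": "transport", "keying": "manual"},
]

def audit_tunnel(t):
    """Return (severity, code) findings for one tunnel request."""
    findings = []
    if t["protocol"] == "ah":
        # AH authenticates the packet but provides no confidentiality.
        findings.append(("warn", "ah-only-no-confidentiality"))
    elif t["protocol"] == "esp":
        enc = t.get("encryption")
        if enc in REJECT_ENC:
            findings.append(("reject", "weak-cipher:" + enc))
        elif enc in WARN_ENC:
            findings.append(("warn", "legacy-cipher:" + enc))
        if not t.get("integrity"):
            findings.append(("warn", "esp-without-integrity"))
    else:
        findings.append(("reject", "unknown-protocol"))
    if t.get("integrity") in WARN_INTEGRITY:
        findings.append(("warn", "deprecated-integrity:" + t["integrity"]))
    keying = t["keying"]
    if keying == "manual":
        # Manually entered keys are never renegotiated.
        findings.append(("warn", "manual-keying-no-rekey"))
    elif keying == "ike-psk":
        if len(t.get("psk", "")) < MIN_PSK_LEN:
            findings.append(("warn", "short-psk"))
    elif keying not in ("ike-nonces", "ike-cert"):
        findings.append(("reject", "unknown-keying"))
    return findings

def audit_batch(tunnels):
    """Audit every tunnel, then flag one pre-shared key used on several links."""
    report = {t["name"]: audit_tunnel(t) for t in tunnels}
    by_key = defaultdict(list)
    for t in tunnels:
        if t["keying"] == "ike-psk" and t.get("psk"):
            # Group by digest so the key itself never appears in the report.
            digest = hashlib.sha256(t["psk"].encode()).hexdigest()
            by_key[digest].append(t)
    for group in by_key.values():
        if len({frozenset(t["peers"]) for t in group}) > 1:
            for t in group:
                report[t["name"]].append(("warn", "psk-reused-across-tunnels"))
    return report

def deployable(report):
    """Names of tunnels with no 'reject' finding."""
    return sorted(name for name, findings in report.items()
                  if not any(sev == "reject" for sev, _ in findings))

if __name__ == "__main__":
    result = audit_batch(SAMPLE_BATCH)
    for name, findings in result.items():
        print(name, findings)
    print("deployable:", deployable(result))
```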

[1609] Some of the benefits and advantages of the IIP MPLS VPN system are outlined briefly below:

[1610] End-to-end and Seamless VPN Provisioning from a single Front-End may be provided. IIP VPN preferably provisions MPLS and IPSec VPN on multi-technology access and edge from single customizable front-ends. The same tool may be used for, for example, Frame-Relay, xDSL, Cable, Optical customers, for MPLS/BGP VPN, Layer 2 MPLS VPN and IPSec VPN.

[1611] Web-based and CLI Front Ends. IIP VPN SDK preferably allows flexible adaptation of the templates, workflow and front-end screens to the network operator situation. The network provider can offer GUI front ends to the service providers and self-activation to the customers. In addition, the network provider can implement VPN service provision through batches generated in the GUI CLI.

[1612] The IIP VPN system is both scalable and distributed.

[1613] Flexible SDK-based. According to a preferred embodiment, the network operator can easily evolve the activation modules, the interfaces reflecting the changes in the workflows, infrastructure, service offering.

[1614] The system is preferably operationally integrated with the BSS and OSS modules, which enables timely and precise billing and customer support. Interfaced to CRM systems, IIP VPN allows flexible changes of, for example the QoS, the customer CoS, the service pack, VPN.

[1615] IIP VPN is preferably compliant with multiple-vendors, multiple-routing protocols, multiple-OS and hence facilitates the provisioning of VPN services in a heterogeneous infrastructure.

[1616] It will be appreciated by the skilled person that there have been described herein numerous aspects and preferred features, including independent methods, tools, agents, interfaces, particularly graphical user interfaces, services, data products for use in a variety of communications problems, including without limitation provisioning and related activities, capacity planning, service monitoring, component monitoring, device management and the like. As apparent and as discussed, some of these may combine synergistically with other features and indeed may enable provision of novel services and applications. However, for the avoidance of doubt, unless otherwise stated, all features disclosed herein, whether as aspects, clauses, features explicitly stated to be preferred, claims or simply as individually identifiable preferred features may be provided independently of other features. In particular, whilst many features have application to provisioning of services and can offer significant advantages in combination with a provisioning application or method, it will be appreciated that these may be applied independently. The examples given have included a variety of broadband communications protocols, including cable modem access, DSL, VPN purely by way of example. The features, techniques and tools etc. disclosed herein may be applied to other hardware configurations or communications modes, if necessary with changes as will be apparent to the skilled person.

[1617] A large number of features have been described and in several places the foregoing has provided numerous lists of preferred or optional features, for example in relation to sample actions or functions that may be performed, data that may be stored, displayed or communicated, parameters that may be monitored or changed, options that may be provided. In all lists of preferred features herein, unless otherwise explicitly stated, whilst provision of the complete set of features as listed may be advantageous, it is specifically intended that any one of the features listed, or any sub combination, may be provided independently of other listed or accompanying features. The advantages of providing any said features independently will be apparent to the skilled person and may not therefore have been stated explicitly in the interests of conciseness. Whilst described and applied to advantage in a broadband context, where problems peculiar to broadband communications may be solved, aspects and features of the invention may be more generally applied.

1-265 (Cancel)
266. A method of providing an assured service to a user via a virtual private connection in a distributed network, the method comprising providing an agent in the network and configuring the agent to monitor the virtual private connection by simulating communication over the connection.
267. A method according to claim 266 wherein the agent is arranged to reside on a node of the network other than the user's end node.
268. A method according to claim 266 wherein the agent is arranged to receive configuration information identifying a connection to monitor.
269. A method according to claim 266 wherein a single agent is arranged to receive configuration information identifying a plurality of independent connections to monitor.
270. A method according to claim 266 wherein the method further comprises configuring the agent to pass a fault report to a remote network monitoring component in the event that a fault is detected in the provisioned virtual private connection.
271. A method according to claim 266 further comprising provisioning a virtual private connection based on provisioning information.
272. A method according to claim 271 wherein configuration information is sent to a pre-existing agent.
273. A method according to claim 271 wherein an agent is launched if no pre-existing agent is available to monitor the provisioned connection.
274. A communications network management system, which system comprises: a. an input for receiving fault reports in respect of a network and/or one or more services supported by a network, b. a data store for storing data in respect of said network and/or services, c. a fault processor for processing fault reports received via the input, using data stored in the data store, to generate corrective solutions, and d. a simulator for triggering a service provision response by the network wherein the simulator has an output to the network to trigger a service provision response, such that a fault report in respect of said response will be received at the input and processed by the fault processor.
275. A communications network management system according to claim 274 which further comprises means to apply a generated corrective solution to the network and to trigger a service provision response by use of the simulator such as to validate the applied corrective solution.
276. A communications network management system according to claim 274, wherein said input for receiving fault reports is adapted to receive both fault reports in respect of services provided by said network and component alarms from components of said network, and said fault processor comprises a correlation engine for correlating received fault reports in respect of one or more services with received component alarms.
277. A communications network management system according to claim 274 wherein the data store is structured to hold one or more problem descriptions in addition to one or more fault reports and/or one or more component alarms, at least one stored problem description comprising data received in respect of historic component behaviour, said fault processor being adapted to access data received in respect of historic component behaviour for use in processing fault reports to generate one or more corrective solutions.
278. A communications network management system according to claim 274 wherein the data store is further structured to store customer data in relation to services and the fault processor comprises a correlation engine for correlating received fault reports in respect of one or more services with customer data, and wherein the fault processor further comprises sorting apparatus for sorting fault reports in an order determined by correlated customer data.
279. A communications network management system comprising a fault detector and fault processor for detecting faults in the network or services provided over the network, and for analysing detected faults with the purpose of generating solutions to the faults, wherein the system further comprises means for providing context sensitive help for providing information to the user in relation to one or more faults being analysed.
280. A system according to claim 279 wherein said means for providing context sensitive help comprises a knowledge management system having a search engine, the search engine being arranged to run a search on data stored for the knowledge management system, said search being based on the one or more faults being analysed.
281. A system according to claim 279 wherein the system is provided with a data store for storing data in respect of said network and/or services and processes fault reports in the light of stored data to generate corrective solutions to received fault reports, wherein the system is further provided with at least one simulator for requesting service provision over the network such that the network and one or more services can be proactively tested.
282. A system according to claim 281 further comprising means for adjusting at least one service provisioning parameter for at least one user.
283. A system according to claim 281 wherein the simulator simulates user activity.
284. A system according to claim 281 wherein the network is a broadband communications network.
285. A system according to claim 281 wherein the simulator is provided by an agent associated with a network component.